Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Deciphering the Simple Machines Forum audio Captcha

from [Michael . Brooks . SPAM] Network Security [Permanent Link]
Subject: Deciphering the Simple Machines Forum audio Captcha
Date: 19 Apr 2008 23:38:09 -0000 
The Simple Machine?s Forum audio Captcha  that has been hardened from attack.   
I have contacted SMF about this flaw and it has been verified. 

I go into greater detail of how i am able to break this captcha here:
http://www.rooksecurity.com/blog/?p=6

Exploit Code: http://www.rooksecurity.com/exploits/smf_captcha.zip

This captcha has been broken before and exploit code is available here: 
http://www.securityfocus.com/archive/1/471641 . The fix was to add a randomly 
generated static.

I was able to write code to decipher the audio file using a Fuzzy Logic 
comparison http://en.wikipedia.org/wiki/Fuzzy_logic . The comparison is the 
Hamming Distance http://en.wikipedia.org/wiki/Hamming_distance between the 
original audio file and the damaged one generated by the Captcha.

peace
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Deciphering the Simple Machines Forum audio Captcha, Michael . Brooks . SPAM <=
Previous by Date:  Re: [Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Nick FitzGerald
Next by Date:  SyScan'08 Singapore - Call for Paper, organiser@syscan.org
Previous by Thread:  [Full-disclosure] Token Kidnapping (Microsoft Security Advisory 951306) presentation available, Cesar
Next by Thread:  SyScan'08 Singapore - Call for Paper, organiser@syscan.org
Indexes:  [Date] [Thread] [Top] [All Lists]