Network Security: Detailed info on Re: Account Lockouts

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security SecProg

[Top] [All Lists]

Re: Account Lockouts

from [Valdis . Kletnieks] Network Security

[Permanent Link]

Subject:	Re: Account Lockouts
Date:	Thu, 02 Dec 2004 12:52:34 -0500

On Thu, 02 Dec 2004 15:10:21 +1100, Michael Silk said:

Hi,

 A pretty easy solution exists and is to use "http://www.captcha.net/";
images before locking the account.


The obvious problem is that a visually-challenged user is screwed.

The not-so-obvious problem is that although it "proves" the person is a person,
it doesn't prove that the person who entered the response is the "alledged
person or script" you sent the image to.

Some spammers have found a way to deal with these - they grab the image, and
pass it through to some *other* user as a captcha to get into a "free porn"
site or similar.  So the user sees it, types it in for the spammer, and then
the spammer redirects the response to whoever originally sent it.

pgp08sjsXkXwv.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Account Lockouts, (continued) Re: Account Lockouts, Burak Bilen RE: Account Lockouts, Eric Coleman RE: Account Lockouts, Blake Frantz Re: Account Lockouts, Valdis . Kletnieks Re: Account Lockouts, Kalyan Varma RE: Account Lockouts, WebAppSecurity [Technicalinfo.net] Re: Account Lockouts, Griffiths, Ian RE: Account Lockouts, David LeBlanc RE: Account Lockouts, Tarun Bansal RE: Account Lockouts, Michael Silk Re: Account Lockouts, Valdis . Kletnieks <= Re: Account Lockouts, Michael Silk Re: Account Lockouts, Valdis . Kletnieks Re: Account Lockouts, Michael Silk Re: Account Lockouts, Valdis . Kletnieks Re: Account Lockouts, Michael Silk Re: Account Lockouts, Valdis . Kletnieks Re: Account Lockouts, Mark Burnett Re: Account Lockouts, Elliott Mitchell Re: Account Lockouts, Alexander Klimov RE: Account Lockouts, David Robert

Previous by Date:	Re: Account Lockouts, Jason Coombs
Next by Date:	Re: Account Lockouts, Valdis . Kletnieks
Previous by Thread:	RE: Account Lockouts, Michael Silk
Next by Thread:	Re: Account Lockouts, Michael Silk
Indexes:	[Date] [Thread] [Top] [All Lists]