Network Security: Detailed info on Re: Thoughts on CAPTCHA

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: Thoughts on CAPTCHA

from [Gregory Rubin] Network Security

[Permanent Link]

Subject:	Re: Thoughts on CAPTCHA
Date:	Tue, 15 Apr 2008 15:32:09 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris,

I agree that CAPTCHAs in their current incarnation are broken but I
don't see how your solution addresses the problem.

It is easy for the computer to figure out which part of they keypad
corresponds to which number/character.  If it isn't obvious from the
source-code, then it just does OCR against the button images (and
we're back to the current problems).

Greg

P.S. I should note that there are several trojans out there now which
record not only the position of mouse-clicks but also a snapshot of
the pixes around the click specifically to defeat the protection you
described above.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

iD8DBQFIBSzY5KDU23nQpRcRAtDFAKCFzi9nxjWAnUrob79V2bKCYfDR2wCfUmZV
vyHMN3byP7Y+S4eC6ucdsN4=
=l7uV
-----END PGP SIGNATURE-----

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Thoughts on CAPTCHA, Chris Barber Re: Thoughts on CAPTCHA, Ayaz Ahmed Khan RE: Thoughts on CAPTCHA, Monrad.DC Re: Thoughts on CAPTCHA, Gregory Rubin <= Re: Thoughts on CAPTCHA, Ali, Saqib Re: Thoughts on CAPTCHA, Ali, Saqib Re: Thoughts on CAPTCHA, sameer . garg Re: Thoughts on CAPTCHA, Shreyas Zare Re: Thoughts on CAPTCHA, Gregory Rubin Re: Thoughts on CAPTCHA, Ali, Saqib Re: Thoughts on CAPTCHA, arckeda Re: Thoughts on CAPTCHA, Gregory Rubin Re: Thoughts on CAPTCHA, Mike Preston - Technomonk Industries

Previous by Date:	Java based vulnerabilities, Albert R. Campa
Next by Date:	Re: Thoughts on CAPTCHA, Ali, Saqib
Previous by Thread:	RE: Thoughts on CAPTCHA, Monrad.DC
Next by Thread:	Re: Thoughts on CAPTCHA, Ali, Saqib
Indexes:	[Date] [Thread] [Top] [All Lists]