RE: [WEB SECURITY] Defeating CAPTCHA

Hi all!

I suppose if the user had to select each letter and/or numeric digit
from a captcha seperately,  and enter these using a randomly generated
input sequence by the server, that would block any programs from reading
the CAPTCHA and feeding it directly to the form input field.

After several failed attempts the server could generate another CAPTCHA,
and make the user (or robot) start over again.

Eg. CAPTCHA: ZXCVBNM

Please enter the above CAPTCHA in the following sequence:

3rd letter: [ C ]
6th letter: [ N ]
5th letter: [ B ]
2nd letter: [ X ]
7th letter: [ M ]
4th letter: [ V ]
1st letter: [ Z ]

Or via several drop down selection boxes, one for each CAPTCHA character.

HTH - KR

> There already exists few interesting projects around on circumventing
> CAPTCHA ( http://www.captcha.net/ ). There are various alogorithms being
> written to defeat simplests to the complex CAPTCHAs but only few CAPTCHAs
> have survived such tests. 
>
> A project devoted to breaking CAPTCHA systems can be found here:
> http://sam.zoy.org/projects/pwntcha/