Home page logo
/

basics logo Security Basics mailing list archives

Re: Thoughts on CAPTCHA
From: "Gregory Rubin" <grrubin () gmail com>
Date: Tue, 15 Apr 2008 15:32:09 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris,

I agree that CAPTCHAs in their current incarnation are broken but I
don't see how your solution addresses the problem.

It is easy for the computer to figure out which part of they keypad
corresponds to which number/character.  If it isn't obvious from the
source-code, then it just does OCR against the button images (and
we're back to the current problems).

Greg

P.S. I should note that there are several trojans out there now which
record not only the position of mouse-clicks but also a snapshot of
the pixes around the click specifically to defeat the protection you
described above.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

iD8DBQFIBSzY5KDU23nQpRcRAtDFAKCFzi9nxjWAnUrob79V2bKCYfDR2wCfUmZV
vyHMN3byP7Y+S4eC6ucdsN4=
=l7uV
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]