Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Comment Spam: new trends, failing counter-measures and why it's a big deal
From: Valdis.Kletnieks () vt edu
Date: Mon, 13 Feb 2006 11:04:46 -0500

On Mon, 13 Feb 2006 07:09:48 +0100, php0t said:

the global solution against word recognition based challenges? If it was
like that, it would mean that there is no way anybody could make an
image generator that would change its success rate from 90% to 0%...

It's *really* *really* difficult to produce a graphic image of letters
and numbers that is still recognizable to a human but can't be beaten by
a good edge-detection algorithm.  For instance, you can "bleed" the edges
so that they're fuzzy - but then the human has a hard time telling if
it's an 'i' or an 'l', or an 'h' or a 'b' (and so on).

I suppose you *could* put up a picture of something, and ask "What is this
a picture of" - but then you need a sufficiently large library of images that
an attacker can't just download all of them and have a human name each one once.
And of course, this has the danger that a user can be left saying: "WTF? Is
that an antelope or a gazelle?"....

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]