Home page logo
/

nanog logo nanog mailing list archives

Re: Suggestions for the future on your web site: (was cookies, and
From: Michael Thomas <mike () mtcc com>
Date: Sat, 26 Jan 2013 17:45:42 -0800

Rich Kulawiec wrote:
On Thu, Jan 24, 2013 at 09:50:15AM -0600, Joe Greco wrote:
However, as part of a "defense in depth" strategy, it can still make
sense.

Brother, you're preaching to the choir.  I've argued for defense in depth
for longer than I can remember.  Still am.

But defenses have to be *meaningful* defenses.  Captchas are a pretend
defense.  They're wishful thinking.  They're faith-based security.

Oh, I dunno. I run a website that has a fairly low volume forums that occasionally gets
a drive by spamming. I'm pretty sure that if I implemented even a naive captcha it would
go back to zero. Same thing with proof of email box control things that has to be even
easier to automate. Would they bother? I doubt it -- it was never particularly worth their
effort to even do the easy drive bys.

Mike


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]