Dailydave mailing list archives
Re: confirming it's a person
From: "Jonathan Wilkins" <jwilkins () gmail com>
Date: Wed, 26 Mar 2008 11:39:52 -0700
Algorithms like SIFT ( http://en.wikipedia.org/wiki/Scale-invariant_feature_transform) make this even more accurate. FWIW, here's my opinion on the technology. Some of this is from memory. First, they're ok with a 1/4096 success rate from random guesses according to their paper. They say that they have a very large database to pull from (all of the previously posted data that attackers wouldn't have access to) but I'm figuring that adding a few thousand pre-tagged animals to the mix every week (the animals available for adoption currently) in combination with the fact that attackers can farm out solving them and also save correct answers means that the attacker's cost declines over time and their success rate increases. Not good characteristics. On Wed, Mar 26, 2008 at 10:21 AM, Stefan Wagner <ffm.stefan () googlemail com> wrote:
I think we have already discussed this topic, and someone said we could use pictures of cats and other animals and ask the user to count the number of cats on the photos. Microsoft is working on this, it looks promising. http://research.microsoft.com/asirra/I think a weak point may be that petfinder.com pictures are available to the public too. An Attacker could let some bots crawl petfinder.com by Category, grab the thumbnails (or the big pictures) and resize 'em to asirra thumbnail size (to avoid the bottom text "petfinder.com" Logo on asirra big pictures) and put some CRC of that into a DB (maybe even make it b/w and low-res, only take specified part(s) of the picture for the CRC and so on). This sure won't be perfect, but for some usable percentage i think it may currently work. Regards, Stefan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- confirming it's a person dan (Mar 25)
- Re: confirming it's a person Dave Aitel (Mar 25)
- Message not available
- Re: confirming it's a person Dave Aitel (Mar 25)
- Message not available
- Re: confirming it's a person Dave Aitel (Mar 25)
- Re: confirming it's a person Agutin Gianni (Mar 26)
- Re: confirming it's a person Jon Oberheide (Mar 26)
- Re: confirming it's a person Stefan Wagner (Mar 26)
- Re: confirming it's a person Jonathan Wilkins (Mar 26)
- Re: confirming it's a person David Molnar (Mar 26)
- Re: confirming it's a person Andre Gironda (Mar 26)
- Re: confirming it's a person Isaac Dawson (Mar 26)
- <Possible follow-ups>
- Re: confirming it's a person Blake Frantz (Mar 26)