Full Disclosure mailing list archives

Re: Attack & Defence Against Visual CAPTCHA


From: Feher Tamas <etomcat () freemail hu>
Date: Sat, 19 Mar 2005 21:45:48 +0100 (CET)

Hello,

Let me chime in on the topic.

Visual Captchas are useless

1. No matter how good they are, people will still solve
them (you know the usual spammer trick: set up a free pr0n
website and require visitors to solve the proxied captchas
to access those adult pictures).

2. Visual CAPTCHAS alone cannot be used due to legal
reasons (especially in Europe, where strong laws protect
people with disabilities). You also need to provide an
alternative (usually voice-based) method to let blind guys
access the services or you get sued for discrimination. And
this helps spammers, because this way they can avoid any
complicated images you plan to generate.

As you know, secret services of the world spent the better
part of Cold War wiretapping as many phone lines as they
could. There must be some extremely advanced software that
can process speech without human assistance. Spammers have
huge piles of money and they will bribe someone to give them
the high tech, just like the russkies bought US state
secrets from A. Ames et al.

Don't spend too much time on inventing distorted images of
digit and alphabet strings.

Regards, Tamas Feher.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

