WebApp Sec mailing list archives
RE: Defeating CAPTCHA
From: "Derick Anderson" <danderson () vikus com>
Date: Fri, 26 Aug 2005 12:45:00 -0400
Just an observation about the growing complexity of solutions being presented... If I have to look at 10 images of strawberries in various stages of decay, answer inane riddles, or pass an I.Q. test before registering for some site, then I'm going to decide that whatever your service is, I don't need it that badly. And if I, as a technologically-saavy individual, refuse to jump through hoops to prove I'm not a spammer, how likely is it that the average web surfer is going to? If a system is built to run on a computer, then a computer can automate input into that system. If you want to curb a particular use-case of your system (say, signing up for an account), make it economically unattractive or put a human on the receiving side. I can think of three ways (off-hand) to make a use-case "economically unattractive": 1. Charge money. Spammers aren't going to shell out cash en masse. 2. Require a uniquely identifiable token which requires confirmation of the token holder. PayPal's signup is a good example - they credit your bank account with some paltry sum and you tell them later what it is. 3. Provide a service with only information that can't be exploited for profit. Attempting to automate a human recognition system is a race that will leave the humans behind. Eventually only automated spammers will be able to get into your system. My two cents. Derick Anderson
Current thread:
- Re: Defeating CAPTCHA, (continued)
- Re: Defeating CAPTCHA Jayson Anderson (Aug 25)
- Re: Defeating CAPTCHA Andrew van der Stock (Aug 25)
- Re: Defeating CAPTCHA Stephen de Vries (Aug 25)
- RE: Defeating CAPTCHA Glenn Euloth (Aug 26)
- Re: Defeating CAPTCHA Christopher Kunz (Aug 31)
- Re: Defeating CAPTCHA Michal Zalewski (Aug 26)
- RE: [WEB SECURITY] Re: Defeating CAPTCHA Marian Ion (Aug 29)
- Re: Defeating CAPTCHA Devdas Bhagat (Aug 28)
- RE: Defeating CAPTCHA wilsonc (Aug 29)
- Re: Defeating CAPTCHA Devdas Bhagat (Sep 05)