Security Basics mailing list archives
Re: Thoughts on CAPTCHA
From: "Gregory Rubin" <grrubin () gmail com>
Date: Tue, 15 Apr 2008 15:32:09 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris, I agree that CAPTCHAs in their current incarnation are broken but I don't see how your solution addresses the problem. It is easy for the computer to figure out which part of they keypad corresponds to which number/character. If it isn't obvious from the source-code, then it just does OCR against the button images (and we're back to the current problems). Greg P.S. I should note that there are several trojans out there now which record not only the position of mouse-clicks but also a snapshot of the pixes around the click specifically to defeat the protection you described above. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0 iD8DBQFIBSzY5KDU23nQpRcRAtDFAKCFzi9nxjWAnUrob79V2bKCYfDR2wCfUmZV vyHMN3byP7Y+S4eC6ucdsN4= =l7uV -----END PGP SIGNATURE-----
Current thread:
- Thoughts on CAPTCHA Chris Barber (Apr 15)
- Re: Thoughts on CAPTCHA Ayaz Ahmed Khan (Apr 16)
- RE: Thoughts on CAPTCHA Monrad.DC (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)
- Re: Thoughts on CAPTCHA Ali, Saqib (Apr 16)
- Re: Thoughts on CAPTCHA Ali, Saqib (Apr 16)
- <Possible follow-ups>
- Re: Thoughts on CAPTCHA sameer . garg (Apr 16)
- Re: Thoughts on CAPTCHA Shreyas Zare (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)
- Re: Thoughts on CAPTCHA Ali, Saqib (Apr 16)
- Re: Thoughts on CAPTCHA Shreyas Zare (Apr 16)
- Re: Thoughts on CAPTCHA arckeda (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)
- Re: Thoughts on CAPTCHA Mike Preston - Technomonk Industries (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)