Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: confirming it's a person

From: "Isaac Dawson" <isaac.dawson () gmail com>
Date: Wed, 26 Mar 2008 23:51:08 +0900
I think a lot of this is just guess work if we don't know what the purpose
is. Is this to protect a login form on a web site?
One thing that I've always wondered is how well a site that has good state
management will fair against a brute force attempt.
If the user must go through 2-3 actions to login, it should be pretty easy
to determine if that sequence is being repeated more
than is normal for a human as the system can track the progress of where the
user 'is' on the server side.
-isaac


On Wed, Mar 26, 2008 at 3:28 PM, Andre Gironda <andreg () gmail com> wrote:


On Mon, Mar 24, 2008 at 2:04 PM,  <dan () geer org> wrote:

 I would like to RTFM on alternatives to CAPTCHAs,


I recall sending this link to Robert Auger when he was interested in
gathering research on the current, "state-of-the-art" in CAPTCHA
technology
http://www.ocr-research.org.ua

Do per-page tokens or another solution even partly solve the problem
you are trying to solve?

Cheers,
Andre
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: