nanog mailing list archives

Re: Gmail and SSL

From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 31 Dec 2012 06:44:34 -0500

On Sun, Dec 30, 2012 at 10:26:36PM -0600, Jimmy Hess wrote:

These CA's will normally require interactions be done through a web
site, there will often be captchas or other methods involved in
applying for a certificate that are difficult to automate.


You're kidding, right?  Captchas have been quite, quite thoroughly beaten
for some time now.  See, among others:

        http://www.physorg.com/news/2011-11-stanford-outsmart-captcha-codes.html
        http://cintruder.sourceforge.net/
        http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/
        http://arstechnica.com/news.ars/post/20080415-gone-in-60-seconds-spambot-cracks-livehotmail-captcha.html
        http://www.troyhunt.com/2012/01/breaking-captcha-with-automated-humans.html
        http://it.slashdot.org/article.pl?sid=08/10/14/1442213

---rsk

Current thread:

Re: Gmail and SSL, (continued)
- - - Re: Gmail and SSL Peter Kristolaitis (Dec 14)
    - Re: Gmail and SSL Christopher Morrow (Dec 14)
    - Re: Gmail and SSL Jasper Wallace (Dec 20)
    - Message not available
    - Re: Gmail and SSL Peter Kristolaitis (Dec 29)
- Re: Gmail and SSL Jimmy Hess (Dec 29)
- Re: Gmail and SSL Keith Medcalf (Dec 30)
  - Re: Gmail and SSL Christopher Morrow (Dec 30)
  - Re: Gmail and SSL Jimmy Hess (Dec 30)
    - Re: Gmail and SSL John Levine (Dec 30)
    - Re: Gmail and SSL Jimmy Hess (Dec 30)
    - Re: Gmail and SSL Rich Kulawiec (Dec 31)
    - Re: Gmail and SSL John R. Levine (Dec 31)
- Re: Gmail and SSL Keith Medcalf (Dec 30)