RE: [WEB SECURITY] Defeating CAPTCHA

["Brecrost Jones" <brecrost () hotmail com>]

> I suppose if the user had to select each letter and/or numeric digit
> from a captcha seperately,  and enter these using a randomly generated
> input sequence by the server, that would block any programs from reading
> the CAPTCHA and feeding it directly to the form input field.

> Eg. CAPTCHA: ZXCVBNM
>
> Please enter the above CAPTCHA in the following sequence:
>
> 3rd letter: [ C ]
> 6th letter: [ N ]
> 5th letter: [ B ]
> 2nd letter: [ X ]
> 7th letter: [ M ]
> 4th letter: [ V ]
> 1st letter: [ Z ]

What's to stop the program from reading the labels on the form fields to 
determine the order to enter the characters in?  The labels can't be images, 
or we'll just OCR them too!

Or am I missing something?