WebApp Sec mailing list archives

RE: CAPTCHA


From: "Rod Divilbiss" <rod () rodsdot com>
Date: Tue, 25 Jan 2011 11:17:40 -0600

 reCAPTCHA  http://www.google.com/recaptcha

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Steve Syfuhs
Sent: Monday, January 24, 2011 7:05 PM
To: Robin Wood; Shang Tsung
Cc: webappsec () securityfocus com
Subject: RE: CAPTCHA

This is a brilliant idea.  Did you come up with it?  If not, got any
resources?

Sent from my Windows Phone

-----Original Message-----
From: Robin Wood
Sent: Monday, January 24, 2011 7:49 PM
To: Shang Tsung
Cc: webappsec () securityfocus com
Subject: Re: CAPTCHA


On 24 January 2011 15:11, Shang Tsung <shangtsung71 () gmail com> wrote:
We are planning to use a CAPTCHA in order to stop spam engines from
filling our Online Forms. From a quick research I made, I found there
are good and there are bad types of CAPTCHA.

Does anyone know if there are any standard and secure implementations
of CAPTCHA that we can use?

Any good articles on the subject?

I hate captchas, always have, so I use a reverse captcha on sites that
I build. You add a field to the form with name and id of email. You
then give it a label that says "Please leave blank" and hide them both
with CSS. Most people won't see them because the CSS works; even if
they do see them they read the message and obey. Spam engines, on the
other hand, spot the email field and happily fill it in. You then
silently drop any contact forms with values in the email field.

Normal humans aren't affected and you trick most generic bots.

Robin



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
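
The reverse CAPTCHA described in Robin Wood's message above, as an added example that is not part of any poster's message: a form with the hidden decoy field and a server-side check that drops filled-in submissions while replying exactly as it does on success. The `contact` field name, the `/contact` action, the `hp` CSS class, the autofill attributes and the function names are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

DECOY = "email"           # decoy field name from the post; bots target it
REAL_ADDRESS = "contact"  # assumed name for the genuine address field

# Label and input are hidden together by CSS. autocomplete="off" and
# tabindex="-1" discourage browser autofill and keyboard focus on the decoy.
FORM_HTML = """\
<style>.hp { display: none; }</style>
<form method="post" action="/contact">
  <div class="hp">
    <label for="email">Please leave blank</label>
    <input type="text" name="email" id="email" autocomplete="off" tabindex="-1">
  </div>
  <label for="contact">Your address</label>
  <input type="text" name="contact" id="contact">
  <label for="message">Message</label>
  <textarea name="message" id="message"></textarea>
  <button type="submit">Send</button>
</form>
"""

THANKS = (200, "Thanks, your message has been sent.")


def decoy_filled(body: str) -> bool:
    """True when any submitted copy of the decoy field carries a value."""
    fields = parse_qs(body, keep_blank_values=True)
    return any(value != "" for value in fields.get(DECOY, []))


def handle_post(body: str, inbox: list) -> tuple:
    """Store genuine submissions; drop trapped ones with the same reply."""
    if decoy_filled(body):
        return THANKS  # silent drop: the sender cannot tell it was filtered
    fields = parse_qs(body, keep_blank_values=True)
    inbox.append({
        "from": fields.get(REAL_ADDRESS, [""])[0],
        "message": fields.get("message", [""])[0],
    })
    return THANKS


if __name__ == "__main__":
    inbox = []
    # Constructed request bodies: a browser sends the decoy empty, a bot fills it.
    human = "email=&contact=alice%40example.org&message=Hello"
    bot = "email=spam%40example.net&contact=spam%40example.net&message=Buy+now"
    print(handle_post(human, inbox), handle_post(bot, inbox), inbox)
```
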



