| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jan 2008 01:33:34 +0300 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: "Jos?e M. Palazon Romero" <josem.palazon@...il.com> Cc: bugtraq@...urityfocus.com Subject: Re: Defeating audio captcha systems Dear Jos?e M. Palazon Romero, This approach is not new, it was demonstrated by ShAnKaR <shankar_(at)_shankar.name> against Simple Machines Forum 1.1.2 in June, 2007. See: http://securityvulns.ru/Rdocument271.html (in Russian) http://securityvulns.ru/files/capcha.pl (Exploit code) http://www.securityfocus.com/archive/1/archive/1/471641/100/0/threaded --Tuesday, January 15, 2008, 9:01:03 AM, you wrote to bugtraq@...urityfocus.com: JeMPR> Hi all, JeMPR> Some days ago I wrote an advisory which demonstrates how the Peter's JeMPR> Math Antispam Spinoff plugin for wordpress JeMPR> (http://www.theblog.ca/math-anti-spam) can be defeated by its audio file. JeMPR> It's hard to summarize, you better read the advisory, but in a very JeMPR> small nutshell, the flaw its about not using any kind of distortion on JeMPR> the audio clip, which makes it easily identificable by a script. JeMPR> Here is the link: JeMPR> http://docs.google.com/View?docid=df36cd52_19xzmkwqcg JeMPR> I'm sure you will find the advisory inspirational, as the approach is JeMPR> applicable to many other capthas, and anti-script methods. JeMPR> Regards JeMPR> Jose -- ~/ZARAZA http://securityvulns.com/ Человек это тайна... я занимаюсь этой тайной чтобы быть человеком. (Достоевский)
Powered by blists - more mailing lists