lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
From: etomcat at freemail.hu (Feher Tamas)
Subject: Re: Attack & Defence Against Visual CAPTCHA

Hello,

Let me chime in on the topic.

Visual Captchas are useless

1., No matter how good they are, people will still solve
them (you know the usual spammer trick: set up a free pr0n
website and require visitors to solve the proxied captchas
to access those adult pictures).

2., Visual CAPTCHAS alone cannot be used due to legal
reasons (especially in Europe, where strong laws protect
people with disabilties). You also need to provide an
alternative (usually voice-based) method to let blind guys
access the services or you get sued for discrimination. And
this helps spammers, because this way they can avoid any
complicated images you plan to generate.

As you know, secret services of the world spent the better
part of Cold War wiretapping as many phone lines as they
could. There must be some extremely advanced software that
can process speech without human assistance. Spammers have
huge piles of money and they will bribe someone to give them
the high tech, just like the russkies bought US state
secrets from A. Ames et al.

Don't spend too much time on inventing distored images of
digit and alphabet strings.

Regards, Tamas Feher.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ