lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon Feb 13 06:09:45 2006 From: very at unprivate.com (php0t) Subject: Comment Spam: new trends, failing counter-measures and why it's a big deal > And a friend of mine has already written a PHP class using GD that can > beat 80-90% of common CAPTCHA implementations. Interested. Further info? Any online implementation that I can feed images / url's to and receive results? > It's not a particularly complex algorithm. This is all relative. It's supposed to be complex enough for bots to not be able to do, that was the whole point from the beginning. Naturally, if you say there's an application that gets 80-90% of them, we/they can just make more complex images / different approaches for telling between people and humans. That PHP class you were talking about may solve some commonly used Turing tests but are you really saying it's the global solution against word recognition based challenges? If it was like that, it would mean that there is no way anybody could make an image generator that would change its success rate from 90% to 0%... > What's to stop the spammers investing a little more money. Sure, they can always invest more money, but that's less profit. Spammers want the best results investing the smallest amount of money, it's just a question of balance. That's why for a spammer it makes sense to focus on the most low-cost ways of promoting their sites / products. If the bigger percentage of the problem is currently because of sites using weaker Turing tests that a software can solve with such a high success rate as you said (or - as it is usually the case - none at all), we can make the situation better by using captcha-like implementations. This is all I said, but you're both right about pointing out the problems of spammers having money / using people, etc as well. php0t
Powered by blists - more mailing lists