[nycphp-talk] easily defeating captchas using automated imageanalysis
inforequest
1j0lkq002 at sneakemail.com
Tue Nov 2 19:51:24 EST 2004
Chris Shiflett shiflett-at-php.net |nyphp dev/internal group use| wrote:
>This is a key point regarding security in general - it's unwise to focus
>all of your attention in any one area, thereby assuming that this is the
>one opening that a potential attacker will use. It's similar to how people
>have a false sense of security when something is encrypted - often
>decryption isn't necessary for a successful attack (presentation of the
>original encrypted data may be all that's required).
>
>I'm glad that there are people who focus a lot of effort on specific
>issues, but personally speaking, I try to focus on the big picture.
>
>Chris
>
>=====
>Chris Shiflett - http://shiflett.org/
>
>PHP Security - O'Reilly HTTP Developer's Handbook - Sams
>Coming January 2005 http://httphandbook.org/
>_______________________________________________
>
>
yes, but then this is an attempt at a "technology solution" to a
security problem.
There's a way to defeat the to-be-monikered-adult hack. Remind the world
that it is illegal to participate in a security hack, and that
participation via adultsite captcha completion is at the very minimum
"grounds for investigation". Make it public enough that the FBI may come
around your workplace or home asking about the time you completed a
captcha to see those barnyard animal pictures....
Now to preserve privacy and liberty while removing anonymity to ensure
compliance... that is a real magic trick.
-=john andrews
More information about the talk
mailing list