At www.annualcreditreport.com, they have a different version of the technique described below. You are given a six-digit number and a toll-free number to call. You enter the six-digit number and they give you a different six-digit to enter on the web site. I thought it was pretty slick and a method like this should be encouraged for other web sites.
Dan On Wed, 25 Jun 2008 16:58:49 -0400 Chris Blouch <[EMAIL PROTECTED]> writes: > Yes, it's a hard problem. I was talking with some folks about > alternative accessible solutions to Captcha and one possibility was > to > have the ability to enter a phone number and then have them call you > > with an automated series of letters/numbers read on the phone which > you > would type into the web page. This has some of the same benefits of > cost > to the hacker and can be rate limited to prevent repeated attacks. > As > you say, it also requires some trust and good privacy policy that > they > won't be using your number for anything else. Of course I also > pointed > out that any school kid would love this service as a prank to ring > up > somebody's house at the wee hours of the morning via any web > browser. I > think this issue pretty much put an end to that solution. > > CB > > Jacob Schmude wrote: > > The problem with that is the issue of privacy. I'd prefer not to > allow > > any old forum moderator to have my phone number, for example. Even > > > getting past that, phone numbers can be faked, and I'd imagine the > > > phone system would have to be automated, which means that once the > > > counter-response is figured out it could be cracked rather easily. > On > > top of that, what if the web site in question isn't in your > country of > > residence? Some of those international rates can get nasty, at > least > > in the U.S. > > This is a problem with no easy solution, unfortunately, though I > > personally believe that questions structured in an odd way that > the > > human brain could figure out is the best compromise. It has its > > problems, such as needing to be familiar with the language in > > question, but at the same time I believe it to resolve most of the > > > other problems. Let's face it, no matter what security measure > anyone > > comes up with there will always be someone to break it. And the > ones > > trying to make things secure wind up playing catch-up as their > > security measures are broken. The question in my mind is how much > > security will the end users tolerate? Hopefully it's a question we > > > won't ever have to actually see answered. > > > > On Jun 20, 2008, at 9:25, Chris Blouch wrote: > > > >> This is another example of how to avoid hackers getting in. Add > some > >> real expense and traceable communications to the authentication > >> process. A hacker doesn't care if they have to try 10000 times to > > >> crack one captcha since they are doing though some botnet. The > >> bandwidth and compute power are essentially free and they can > hide > >> behind a shield of relative anonymity. If they have to make a > phone > >> call that raises the bar. For one that call is traceable so if > >> something funny happens it comes back to a phone number under > >> somebody's name. It also has a real cost as the phone line or > cell > >> phone account costs real money and they can't automate it so some > > >> real human will have to make the call. The 10000 tries now isn't > such > >> a great deal. > >> > >> CB > >> > >> Dan Eickmeier wrote: > >>> And that is good for those who are on cell phone providers that > >>> support that verrification. Mine didn't, and I had to email > their > >>> support to get it fixed. > >>> > >>> On 19-Jun-08, at 12:21 AM, Chelsea wrote: > >>> > >>>> Well, that is good for those who have talking cell phones. :( > >>>> On Jun 18, 2008, at 9:17 PM, John Moore wrote: > >>>> > >>>>> They should do it like Facebook, where they take the Captcha > away > >>>>> when you varify your cell phone number with a code they send > you > >>>>> via text message. When you type the code in right, Captcha > becomes > >>>>> nonexistent. > >>>>> > >>>> > >>>> > >>> > >>> > >> > > > > > > ____________________________________________________________ Find solutions for your business. Click here and get it done now! http://thirdpartyoffers.juno.com/TGL2141/fc/Ioyw6i3m7tEC4dGrQ9pkvxDgoFpg1CMdsWcGTyUgdHOaD9biq7lkRz/
