also, i have seen buzz in the underground business about people hireing real people (like outsourcing companies) which pays 1$ per 1000 CAPTCHA image the person breaks.
and the whole idea behind using image/audio challange fails appart. thanks, -bipin On Mon, May 12, 2008 at 7:58 PM, sarose <[EMAIL PROTECTED]> wrote: > > Hi folks, > > Freely available CAPTCHA libraries are limited in certain pattern even > they go for randomization, distortion and clutter to confuse OCR. All > these stealth techniques have failed miserably. Recently Gmail, MSN > live, Yahoo! CAPTCHA got failed [1] with highest success rate ever > recorded. One of the test shows that MSN Live! failed with 92% of the > time..[2] There are many proof of concept. Breaking CAPTCHA is easier > and its not a right means to protect the automated attacks. Follow the > suggestion the artcile [2] has presented. Choose the right library > having the lesser failure rate in producing breakable code. > > Explore in details here: http://www.cs.sfu.ca/~mori/research/gimpy/ > > > -- > Sarose > > [1] http://en.wikipedia.org/wiki/Captcha > [2] http://www.cs.sfu.ca/~mori/research/gimpy/ > > On May 11, 10:53 pm, acpmasquerade <[EMAIL PROTECTED]> wrote: > > Very easy, > > use any captcha service providers or any other else created on your > > own using GDLibrary in PHP > > > > One of the most famous Captcha service providers is > > recaptcha.nethttp://recaptcha.net/plugins/php/ > > > > And some more arewww.PHPCaptcha.orgwww.captchacreator.com > > > > > But I will suggest you a very simple one here. You are left to discuss > > on security issues in this type. > > Steps: > > a) First select a random number/character/symbols, etc whatever you > > think you should use in you captcha > > b) Use a session variable to store the sequence you have generated > > c) Use GDLibrary extension of PHP to generate an image out of the text > > you have generated > > d) Display the image somewhere and read a text input > > e) When the form is submitted, match the input with the session > > variable you had stored in step 'b'. > > > > This is a simple method how to stop spams. > > > > However you can do another trick too, if you do not have a proper > > knowledge in GD > > a) Randomize number. b) have 0-9 digits' images. c)Break the > > characters into digits and display the image sequences to build an > > image of number. But make sure that the names of images are some > > encrypted strings so that pattern of the next digit cannot be guessed. > > Otherwise robots just break the code and input what you are > > expecting. > > > > For more you can continue the discussion > > > > Thanks > > > -- X-No-Archive: --~--~---------~--~----~------------~-------~--~----~ FOSS Nepal mailing list: [email protected] http://groups.google.com/group/foss-nepal To unsubscribe, e-mail: [EMAIL PROTECTED] Community website: http://www.fossnepal.org/ -~----------~----~----~----~------~----~------~--~---
