Chris Snyder wrote:
> It could also be defeated using offshore labor, which we might
> see more of in the next few years. How many comments-per-hour
> can be submitted by a worker in China making $10/day? How many
> more if the worker knows Javascript?

Good point. There's also the "porn attack" that has been used for years:

1. Request the form with the CAPTCHA you want to solve.
2. On a high-traffic page, promise free porn (representative of
   anything desired, although porn was the actual first use case)
   in exchange for the solution to the CAPTCHA from Step 1.
3. Submit the form from Step 1, along with the CAPTCHA solution
   obtained in Step 2.

There's also PWNtcha:

http://sam.zoy.org/pwntcha/

I hate CAPTCHAs anyway. :-)

Chris

--
Chris Shiflett
http://shiflett.org/
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
