[WEB SECURITY] Brute Force authentication attack

skarvin skarvin at gmail.com
Sat Jul 1 03:38:56 EDT 2006


Hi,

If you use a very simple captcha, maybe you'll be vulnerable to brute force
attacks by OCR techniques.


On 6/30/06, Chris Weber <chris at lookout.net> wrote:
> True is that.  Also "Human Interactive Proof" or HIP, CAPTCHA being more
> common, I think.
>
> -----Original Message-----
> From: Jeremiah Grossman [mailto:jeremiah at whitehatsec.com]
> Sent: Friday, June 30, 2006 1:33 PM
> To: Web Security
> Subject: Re: [WEB SECURITY] Brute Force authentication attack
>
> We all get those from time to time. :)
>
> CAPTCHA
> "completely automated public Turing test to tell computers and humans
apart"
>
> On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
>
> > I am definitely having a senior moment.  Can anybody please tell me
> > what it is called when you have to enter a code displayed in a picture
> > when authenticating?  I know this is a control against brute force
> > hacking, but for the life of me I cannot remember what it is called.
> >
> > ----------------------------------------------------------------------
> > ------
> > The Web Security Mailing List:
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/archive/
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
>
>
>
----------------------------------------------------------------------------
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
>
----------------------------------------------------------------------------
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>



-- 
Un saludo,

skarvin
skarvin.blogspot <http://skarvin.blogspot.com>.com<http://skarvin.blogspot.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060701/30183bf2/attachment.html>


More information about the websecurity mailing list