[WEB SECURITY] Brute Force authentication attack

Daniele Bellucci daniele.bellucci at gmail.com
Sat Jul 1 16:32:12 EDT 2006


If you are not using an encrypted channel (aka: SSL) you're vulnerable to
MiTM attacks

> Hi,
> 
> If you use a very simple captcha, maybe you'll be vulnerable to brute force
> attacks by OCR techniques.
> 
> 
> On 6/30/06, Chris Weber <chris at lookout.net> wrote:
>> True is that.  Also "Human Interactive Proof" or HIP, CAPTCHA being more
>> common, I think.
>>
>> -----Original Message-----
>> From: Jeremiah Grossman [mailto:jeremiah at whitehatsec.com]
>> Sent: Friday, June 30, 2006 1:33 PM
>> To: Web Security
>> Subject: Re: [WEB SECURITY] Brute Force authentication attack
>>
>> We all get those from time to time. :)
>>
>> CAPTCHA
>> "completely automated public Turing test to tell computers and humans apart"
>>
>> On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
>>
>> > I am definitely having a senior moment.  Can anybody please tell me
>> > what it is called when you have to enter a code displayed in a picture
>> > when authenticating?  I know this is a control against brute force
>> > hacking, but for the life of me I cannot remember what it is called.

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
