[WEB SECURITY] Brute Force authentication attack

skarvin skarvin at gmail.com
Wed Jul 5 10:34:46 EDT 2006


Hi,

I' cant see any download link, are you sure that this project isn't a hoax?
Are you tested it, piltrafilla?



On 7/3/06, Mark Mcdonald <mmcdonald at staff.iinet.net.au> wrote:
>
>  You'd be surprised how easy it is to defeat most captchas...
>
>
>
> PWNtcha can defeat heaps of common systems found on the net.
>
> http://sam.zoy.org/pwntcha/
>
>
>
>
>   ------------------------------
>
> *From:* skarvin [mailto:skarvin at gmail.com]
> *Sent:* Saturday, July 01, 2006 3:39 PM
> *To:* Chris Weber
> *Cc:* Jeremiah Grossman; Web Security
> *Subject:* Re: [WEB SECURITY] Brute Force authentication attack
>
>
>
> Hi,
>
> If you use a very simple captcha, maybe you'll be vulnerable to brute
> force attacks by OCR techniques.
>
>
> On 6/30/06, Chris Weber <chris at lookout.net> wrote:
> > True is that.  Also "Human Interactive Proof" or HIP, CAPTCHA being more
> > common, I think.
> >
> > -----Original Message-----
> > From: Jeremiah Grossman [mailto: jeremiah at whitehatsec.com]
> > Sent: Friday, June 30, 2006 1:33 PM
> > To: Web Security
> > Subject: Re: [WEB SECURITY] Brute Force authentication attack
> >
> > We all get those from time to time. :)
> >
> > CAPTCHA
> > "completely automated public Turing test to tell computers and humans
> apart"
> >
> > On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
> >
> > > I am definitely having a senior moment.  Can anybody please tell me
> > > what it is called when you have to enter a code displayed in a picture
> > > when authenticating?  I know this is a control against brute force
> > > hacking, but for the life of me I cannot remember what it is called.
> > >
> > > ----------------------------------------------------------------------
> > > ------
> > > The Web Security Mailing List:
> > > http://www.webappsec.org/lists/websecurity/
> > >
> > > The Web Security Mailing List Archives:
> > > http://www.webappsec.org/lists/websecurity/archive/
> > > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> > >
> >
> >
> >
> ----------------------------------------------------------------------------
>
> > The Web Security Mailing List:
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/archive/
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
> >
> >
> ----------------------------------------------------------------------------
>
> > The Web Security Mailing List:
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/archive/
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
> >
>
>
>
> --
> Un saludo,
>
> *skarvin*
> skarvin.blogspot <http://skarvin.blogspot.com>.com<http://skarvin.blogspot.com>
>



-- 
Un saludo,

Isidro Catalán
<a href=skarvin.blogspot.com>skarvin.blogspot.com</a>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060705/7fc7c110/attachment.html>


More information about the websecurity mailing list