[WEB SECURITY] Brute Force authentication attack

Joseph Peloquin jpelo1 at jcpenney.com
Wed Jul 5 11:24:57 EDT 2006


I see the link fine .. Maybe it was the slashdotting the author speaks of on his homepage *shrug*.

Try: http://sam.zoy.org/pwntcha/

Joey

|-----Original Message-----
|From: skarvin [mailto:skarvin at gmail.com] 
|Sent: Wednesday, July 05, 2006 9:35 AM
|To: Mark Mcdonald
|Cc: websecurity at webappsec.org
|Subject: Re: [WEB SECURITY] Brute Force authentication attack
|
|Hi,
|
|I' cant see any download link, are you sure that this project 
|isn't a hoax? Are you tested it, piltrafilla?
|
|
|
|
|On 7/3/06, Mark Mcdonald < mmcdonald at staff.iinet.net.au> wrote:
|
|	
|
|	You'd be surprised how easy it is to defeat most captchas...
|
|	 
|
|	PWNtcha can defeat heaps of common systems found on the net.
|
|	http://sam.zoy.org/pwntcha/ 
|
|	 
|
|	 
|
|	
|________________________________
|
|
|	From: skarvin [mailto:skarvin at gmail.com] 
|	Sent: Saturday, July 01, 2006 3:39 PM
|	To: Chris Weber
|	Cc: Jeremiah Grossman; Web Security
|	Subject: Re: [WEB SECURITY] Brute Force authentication attack
|
|	 
|
|	Hi,
|	
|	If you use a very simple captcha, maybe you'll be 
|vulnerable to brute force attacks by OCR techniques.
|	
|	
|	On 6/30/06, Chris Weber <chris at lookout.net> wrote:
|	> True is that.  Also "Human Interactive Proof" or HIP, 
|CAPTCHA being more
|	> common, I think.
|	> 
|	> -----Original Message-----
|	> From: Jeremiah Grossman [mailto: 
|jeremiah at whitehatsec.com <mailto:jeremiah at whitehatsec.com> ]
|	> Sent: Friday, June 30, 2006 1:33 PM
|	> To: Web Security
|	> Subject: Re: [WEB SECURITY] Brute Force authentication attack
|	> 
|	> We all get those from time to time. :) 
|	> 
|	> CAPTCHA
|	> "completely automated public Turing test to tell 
|computers and humans apart"
|	> 
|	> On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
|	> 
|	> > I am definitely having a senior moment.  Can 
|anybody please tell me 
|	> > what it is called when you have to enter a code 
|displayed in a picture
|	> > when authenticating?  I know this is a control 
|against brute force
|	> > hacking, but for the life of me I cannot remember 
|what it is called. 
|	> >
|	> > 
|----------------------------------------------------------------------
|	> > ------
|	> > The Web Security Mailing List:
|	> > http://www.webappsec.org/lists/websecurity/
|	> >
|	> > The Web Security Mailing List Archives:
|	> > http://www.webappsec.org/lists/websecurity/archive/ 
|	> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
|	> >
|	> 
|	> 
|	> 
|---------------------------------------------------------------
|------------- 
|	> The Web Security Mailing List:
|	> http://www.webappsec.org/lists/websecurity/
|	> 
|	> The Web Security Mailing List Archives:
|	> http://www.webappsec.org/lists/websecurity/archive/
|	> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
|	> 
|	> 
|	> 
|---------------------------------------------------------------
|------------- 
|	> The Web Security Mailing List:
|	> http://www.webappsec.org/lists/websecurity/
|	> 
|	> The Web Security Mailing List Archives:
|	> http://www.webappsec.org/lists/websecurity/archive/
|	> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
|	> 
|	> 
|	
|	
|	
|	-- 
|	Un saludo, 
|	
|	skarvin
|	skarvin.blogspot <http://skarvin.blogspot.com>  .com 
|<http://skarvin.blogspot.com>  
|
|
|
|
|--
|Un saludo,
|
|Isidro Catalán
|<a href=skarvin.blogspot.com>skarvin.blogspot.com </a> 
|
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060705/9326e34e/attachment.pl>
-------------- next part --------------
----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


More information about the websecurity mailing list