[WEB SECURITY] Brute Force authentication attack

skarvin skarvin at gmail.com
Wed Jul 5 11:28:58 EDT 2006


I see the link, but in this page i can't see any link to download the
project and test it.

See you!

On 7/5/06, Joseph Peloquin <jpelo1 at jcpenney.com> wrote:
>
> I see the link fine .. Maybe it was the slashdotting the author speaks of
> on his homepage *shrug*.
>
> Try: http://sam.zoy.org/pwntcha/
>
> Joey
>
> |-----Original Message-----
> |From: skarvin [mailto:skarvin at gmail.com]
> |Sent: Wednesday, July 05, 2006 9:35 AM
> |To: Mark Mcdonald
> |Cc: websecurity at webappsec.org
> |Subject: Re: [WEB SECURITY] Brute Force authentication attack
> |
> |Hi,
> |
> |I' cant see any download link, are you sure that this project
> |isn't a hoax? Are you tested it, piltrafilla?
> |
> |
> |
> |
> |On 7/3/06, Mark Mcdonald < mmcdonald at staff.iinet.net.au> wrote:
> |
> |
> |
> |       You'd be surprised how easy it is to defeat most captchas...
> |
> |
> |
> |       PWNtcha can defeat heaps of common systems found on the net.
> |
> |       http://sam.zoy.org/pwntcha/
> |
> |
> |
> |
> |
> |
> |________________________________
> |
> |
> |       From: skarvin [mailto:skarvin at gmail.com]
> |       Sent: Saturday, July 01, 2006 3:39 PM
> |       To: Chris Weber
> |       Cc: Jeremiah Grossman; Web Security
> |       Subject: Re: [WEB SECURITY] Brute Force authentication attack
> |
> |
> |
> |       Hi,
> |
> |       If you use a very simple captcha, maybe you'll be
> |vulnerable to brute force attacks by OCR techniques.
> |
> |
> |       On 6/30/06, Chris Weber <chris at lookout.net> wrote:
> |       > True is that.  Also "Human Interactive Proof" or HIP,
> |CAPTCHA being more
> |       > common, I think.
> |       >
> |       > -----Original Message-----
> |       > From: Jeremiah Grossman [mailto:
> |jeremiah at whitehatsec.com <mailto:jeremiah at whitehatsec.com> ]
> |       > Sent: Friday, June 30, 2006 1:33 PM
> |       > To: Web Security
> |       > Subject: Re: [WEB SECURITY] Brute Force authentication attack
> |       >
> |       > We all get those from time to time. :)
> |       >
> |       > CAPTCHA
> |       > "completely automated public Turing test to tell
> |computers and humans apart"
> |       >
> |       > On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
> |       >
> |       > > I am definitely having a senior moment.  Can
> |anybody please tell me
> |       > > what it is called when you have to enter a code
> |displayed in a picture
> |       > > when authenticating?  I know this is a control
> |against brute force
> |       > > hacking, but for the life of me I cannot remember
> |what it is called.
> |       > >
> |       > >
> |----------------------------------------------------------------------
> |       > > ------
> |       > > The Web Security Mailing List:
> |       > > http://www.webappsec.org/lists/websecurity/
> |       > >
> |       > > The Web Security Mailing List Archives:
> |       > > http://www.webappsec.org/lists/websecurity/archive/
> |       > > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> |       > >
> |       >
> |       >
> |       >
> |---------------------------------------------------------------
> |-------------
> |       > The Web Security Mailing List:
> |       > http://www.webappsec.org/lists/websecurity/
> |       >
> |       > The Web Security Mailing List Archives:
> |       > http://www.webappsec.org/lists/websecurity/archive/
> |       > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> |       >
> |       >
> |       >
> |---------------------------------------------------------------
> |-------------
> |       > The Web Security Mailing List:
> |       > http://www.webappsec.org/lists/websecurity/
> |       >
> |       > The Web Security Mailing List Archives:
> |       > http://www.webappsec.org/lists/websecurity/archive/
> |       > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> |       >
> |       >
> |
> |
> |
> |       --
> |       Un saludo,
> |
> |       skarvin
> |       skarvin.blogspot <http://skarvin.blogspot.com>  .com
> |<http://skarvin.blogspot.com>
> |
> |
> |
> |
> |--
> |Un saludo,
> |
> |Isidro Catalán
> |<a href=skarvin.blogspot.com>skarvin.blogspot.com </a>
> |
>
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material.  If the reader of this message is not the intended recipient,
> you are hereby notified that your access is unauthorized, and any review,
> dissemination, distribution or copying of this message including any
> attachments is strictly prohibited.   If you are not the intended
> recipient, please contact the sender and delete the material from any
> computer.
>
>
>


-- 
Un saludo,

Isidro Catalán
<a href=skarvin.blogspot.com>skarvin.blogspot.com</a>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060705/71406de9/attachment.html>


More information about the websecurity mailing list