[WEB SECURITY] Fake Captcha Protection

The Burmese Hacker hacker.ak at gmail.com
Tue Apr 29 07:29:07 EDT 2008


Hello all

A lot of web sites are using Fake Captcha Protection which can be
defeated by "Replay" Attack.
Recently, I found this hole in Ning.com, a growing social network site.

How many bad guys have defeated those?

Some captcha creation tutorials are also vulnerable to 'Replay' attack.
Newbie developers are mis-using them in their applications.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list