[WEB SECURITY] Fake Captcha Protection
The Burmese Hacker
hacker.ak at gmail.com
Tue Apr 29 07:29:07 EDT 2008
Hello all
A lot of web sites are using Fake Captcha Protection which can be
defeated by "Replay" Attack.
Recently, I found this hole in Ning.com, a growing social network site.
How many bad guys have defeated those?
Some captcha creation tutorials are also vulnerable to 'Replay' attack.
Newbie developers are mis-using them in their applications.
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list