[WEB SECURITY] Fake Captcha Protection
Bil Corry
bil at corry.biz
Tue Apr 29 22:50:54 EDT 2008
Bryan Sullivan wrote on 4/29/2008 7:21 PM:
> I like Jeremiah’s CAPTCHA effectiveness criteria – is this what you were trying to find?
> http://jeremiahgrossman.blogspot.com/2006/09/captcha-effectiveness-test.html
Should Jeremiah's CAPTCHA ever be invented, it will simply drive more business to India:
-----
Cyber criminals are employing sweatshops in India for as little as $4 a day to defeat anti-spam security checks, according to a recent analysis by net security firm Trend Micro. It reckons miscreants prefer to hire cheap labour rather than using automated techniques to defeat CAPTCHAs - that are only effective 30-35 per cent of the time - or malware-based approaches.
<http://www.theregister.co.uk/2008/04/10/web_mail_throttled/>
-----
Google has a couple of interesting patents that can infer a user's "ethnicity, reading level, age, sex and income":
<http://yro.slashdot.org/article.pl?sid=08/03/22/1314253>
I wonder if the technology can be extended to infer if the user is a bot or from a sweatshop in India?
- Bil
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list