[WEB SECURITY] Fake Captcha Protection

Bil Corry bil at corry.biz
Tue Apr 29 22:50:54 EDT 2008


Bryan Sullivan wrote on 4/29/2008 7:21 PM: 
> I like Jeremiah’s CAPTCHA effectiveness criteria – is this what you were trying to find?
> http://jeremiahgrossman.blogspot.com/2006/09/captcha-effectiveness-test.html

Should Jeremiah's CAPTCHA ever be invented, it will simply drive more business to India:

-----
Cyber criminals are employing sweatshops in India for as little as $4 a day to defeat anti-spam security checks, according to a recent analysis by net security firm Trend Micro. It reckons miscreants prefer to hire cheap labour rather than using automated techniques to defeat CAPTCHAs - that are only effective 30-35 per cent of the time - or malware-based approaches.

<http://www.theregister.co.uk/2008/04/10/web_mail_throttled/>
-----

Google has a couple of interesting patents that can infer a user's "ethnicity, reading level, age, sex and income":

<http://yro.slashdot.org/article.pl?sid=08/03/22/1314253>

I wonder if the technology can be extended to infer if the user is a bot or from a sweatshop in India?


- Bil



----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list