[WEB SECURITY] Fake Captcha Protection

Bil Corry bil at corry.biz
Tue Apr 29 22:50:54 EDT 2008

Bryan Sullivan wrote on 4/29/2008 7:21 PM: 
> I like Jeremiah’s CAPTCHA effectiveness criteria – is this what you were trying to find?
> http://jeremiahgrossman.blogspot.com/2006/09/captcha-effectiveness-test.html

Should Jeremiah's CAPTCHA ever be invented, it will simply drive more business to India:

Cyber criminals are employing sweatshops in India for as little as $4 a day to defeat anti-spam security checks, according to a recent analysis by net security firm Trend Micro. It reckons miscreants prefer to hire cheap labour rather than using automated techniques to defeat CAPTCHAs - that are only effective 30-35 per cent of the time - or malware-based approaches.


Google has a couple of interesting patents that can infer a user's "ethnicity, reading level, age, sex and income":


I wonder if the technology can be extended to infer if the user is a bot or from a sweatshop in India?

- Bil
