Hello participants of Mailing List. I will draw your attention to my two articles concerning bypassing of security mechanisms. Which I'll tell you briefly about. In August, among different my articles, I wrote two ones in which I've described my methods of bypassing of security mechanisms at web sites. This topic should be interesting for you. 1. Bypassing of captchas and blocking at web sites http://websecurity.com.ua/5334/ 2. Bypassing of blocking by IP at web sites http://websecurity.com.ua/5352/ In the first article I told about bypassing such protections as captchas and blocking at sites. I saw a lot of web sites with such security mechanisms for last two years (first time I met such one in 2009). And developed this method of bypassing of blocking, and in July I've used it to bypass captcha too. And I've already mentioned about such protection mechanisms and their bypass last year in my article "Using of safety mechanisms for blocking access to the site" (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-August/007003.html). Besides, in this article I wrote about vulnerability in MyBB - as an example of such attacks. Which I've already disclosed at the beginning of the month (http://lists.grok.org.uk/pipermail/full-disclosure/2011-September/082625.html). In the second article, I wrote about bypassing of more robust protection - blocking by IP. After for last time I saw and bypassed such protection mechanisms (captcha and blocking by IP) at one card processing PCI DSS site, I've decided to write these articles. If web developers (and PCI DSSers who should not miss such weaknesses during their audit of the sites) have missed what I wrote about such attacks in my 2010's article. I've not translated them to English. So if somebody will find them interesting (one or both articles), he can request a translation ;-). There are a lot of web sites in Internet which can be attacked with using of such methods. Best wishes & regards, MustLive http://soundcloud.com/mustlive