Reply New Topic
2011/10/13 5:41:11
#1
Offline
Home away from home

New attacks on CAPTCHAs

It's official - CAPTCHAs are now harder for humans to read than for machines.

In more positive news, the US Predator and Reaper drone fleets are riddled with keylogging viruses, so we might find new and interesting ways to deal with our spammer friends.


2011/10/13 7:32:04
#2
Offline
Home away from home

Re: New attacks on CAPTCHAs

Quote:


Madfish wrote:

In more positive news, the US Predator and Reaper drone fleets are riddled with keylogging viruses, so we might find new and interesting ways to deal with our spammer friends.


The Washington Post: Military says computer virus that hit drone program was designed to go after gaming passwords

_________________
McDonalds Store

2011/10/13 18:33:11
#3
Offline
Home away from home

Re: New attacks on CAPTCHAs

I believe that CAPTCHA will be useless within the next year. For a long time, people have been employed, very cheaply, to circumvent captcha systems. Who needs an automated system, when you can pay to have a person enter the information for you, for pennies an entry?

This is something we do need to consider - how do we authenticate new members? Should we do it ourselves? Should we rely on an authentication service? What about linking authentication to other very public entities, like Facebook and Twitter? What about a physical authentication, through a controlled asset, like Yubikey? But, even that is a bearer type of authentication - if you have the key, you can get in.

More to the question - what responsibility does a CMS have for authentication?

_________________
Christian Web Resources
Facebook

2011/10/14 0:22:52
#4
Offline
Home away from home

Re: New attacks on CAPTCHAs

We need a simple mechanism for assigning trust to people. I quite like the idea of letting people post comments if they submit their email address. The first time they post, their comments are withheld pending moderation. But if approved, their email address gets added to a 'trusted' list where they can comment without moderation in future. This will catch the majority of spammers but also let people contribute without having to open an account or formally sign in.

The idea of forcing people to sign up for an account before they can post probably needs another look, at least for comments. It discourages casual passers-by from contributing, but it doesn't discourage the spammers.


Reply New Topic extras
 Previous Topic   Next Topic
You can view topic.
You can start a new topic.
You can reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You can post without approval.