2011/10/13 5:41:11
|
---|
|
New attacks on CAPTCHAsIt's official - CAPTCHAs are now harder for humans to read than for machines.
In more positive news, the US Predator and Reaper drone fleets are riddled with keylogging viruses, so we might find new and interesting ways to deal with our spammer friends. |
2011/10/13 7:32:04
|
---|
|
Re: New attacks on CAPTCHAsQuote:
The Washington Post: Military says computer virus that hit drone program was designed to go after gaming passwords |
_________________
McDonalds Store |
2011/10/13 18:33:11
|
---|
|
Re: New attacks on CAPTCHAsI believe that CAPTCHA will be useless within the next year. For a long time, people have been employed, very cheaply, to circumvent captcha systems. Who needs an automated system, when you can pay to have a person enter the information for you, for pennies an entry?
This is something we do need to consider - how do we authenticate new members? Should we do it ourselves? Should we rely on an authentication service? What about linking authentication to other very public entities, like Facebook and Twitter? What about a physical authentication, through a controlled asset, like Yubikey? But, even that is a bearer type of authentication - if you have the key, you can get in. More to the question - what responsibility does a CMS have for authentication? |
2011/10/14 0:22:52
|
---|
|
Re: New attacks on CAPTCHAsWe need a simple mechanism for assigning trust to people. I quite like the idea of letting people post comments if they submit their email address. The first time they post, their comments are withheld pending moderation. But if approved, their email address gets added to a 'trusted' list where they can comment without moderation in future. This will catch the majority of spammers but also let people contribute without having to open an account or formally sign in.
The idea of forcing people to sign up for an account before they can post probably needs another look, at least for comments. It discourages casual passers-by from contributing, but it doesn't discourage the spammers. |