People openly admitted to writing and using scripts to guess missing characters from private giveaway links a few days ago. That was the first night I saw the site slow down significantly for a long period of time. It has been slow a lot more often since.
Comment has been collapsed.
32 Comments - Last post 29 minutes ago by DarthLonginus
962 Comments - Last post 41 minutes ago by Kurajberovic
14 Comments - Last post 1 hour ago by Stakaniy
32 Comments - Last post 1 hour ago by schmetti
52 Comments - Last post 1 hour ago by Rabban
29 Comments - Last post 2 hours ago by Mayanaise
305 Comments - Last post 5 hours ago by BarbaricGenie
802 Comments - Last post 4 minutes ago by A10i
710 Comments - Last post 4 minutes ago by ZhaiZai
1,995 Comments - Last post 16 minutes ago by reigifts
8 Comments - Last post 38 minutes ago by opalss2
113 Comments - Last post 1 hour ago by MarvashMagalli
1,008 Comments - Last post 1 hour ago by schmetti
260 Comments - Last post 1 hour ago by Patxxv
typical example is Microsoft's Human Interactive Proof named Assira
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
now don't be fooled even these can be 'broken' if the attack vector is aimed on the code
(there is limited amount of choices so even 0.1% ratio for bot-net is fine )
one of attack examples is create database of all the pictures with pre-marked what they are (thus bot has answer beforehand)
http://crypto.stanford.edu/~pgolle/papers/dogcat.html which shows up to 82% chance to break
another example is KittenAuth: http://thepcspy.com/ but it has same problem of pictures being taggeable / limited supply
i would suggest use this method for account 'activation' (when it's implement it should be forced upon everyone once)
another example is 3D captcha / isometric (where the text is picture 3D render / angled )
http://code.google.com/p/3dcaptcha/
but even that might be broken if the source generator is 'known' for reverse engineering ...
another try http://spamfizzle.com/CAPTCHA.aspx via 3D generated pictures and tagging
different angle is usage of Human made question and Human defined answer for that Question
the only partially working system is IBM's Watson http://www.ibm.com/innovation/us/watson/index.html
how would that work ?
as author of giveaway i fill up two fields
Example, simple:
Example, more complex
of course You as author of giveaway may decide how complex this question will be
(if it needs brain or just search to solve)
please realize that even the Question and Answer can be rigged (if the answer is known it can be used on N bots)
combination of at least 2 methods would be needed to show some 'results' (isometric / picture recognize + question/answer)
p.s. i wrote this as reaction on the endless amount of useless ideas with captcha/re-captcha (hint, OCR vs re-try)
http://www.darkreading.com/authentication/167901072/security/vulnerabilities/226700514/index.html
read http://www.allspammedup.com/2011/01/google-recaptcha-cracked/
Comment has been collapsed.