People openly admitted to writing and using scripts to guess missing characters from private giveaway links a few days ago. That was the first night I saw the site slow down significantly for a long period of time. It has been slow a lot more often since.
Comment has been collapsed.
23 Comments - Last post 1 hour ago by Adamdoodles
46 Comments - Last post 1 hour ago by lostsoul67
202 Comments - Last post 3 hours ago by duville
28 Comments - Last post 6 hours ago by DeliberateTaco
47,383 Comments - Last post 6 hours ago by Axelflox
4 Comments - Last post 6 hours ago by Sachys
16,952 Comments - Last post 11 hours ago by Csiki
379 Comments - Last post 7 minutes ago by ArFai
143 Comments - Last post 12 minutes ago by Butterkatt
30,192 Comments - Last post 1 hour ago by MLD
11,268 Comments - Last post 2 hours ago by vlbastos
17,706 Comments - Last post 3 hours ago by Filipi
753 Comments - Last post 3 hours ago by vlbastos
163 Comments - Last post 3 hours ago by Moogal
typical example is Microsoft's Human Interactive Proof named Assira
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
now don't be fooled even these can be 'broken' if the attack vector is aimed on the code
(there is limited amount of choices so even 0.1% ratio for bot-net is fine )
one of attack examples is create database of all the pictures with pre-marked what they are (thus bot has answer beforehand)
http://crypto.stanford.edu/~pgolle/papers/dogcat.html which shows up to 82% chance to break
another example is KittenAuth: http://thepcspy.com/ but it has same problem of pictures being taggeable / limited supply
i would suggest use this method for account 'activation' (when it's implement it should be forced upon everyone once)
another example is 3D captcha / isometric (where the text is picture 3D render / angled )
http://code.google.com/p/3dcaptcha/
but even that might be broken if the source generator is 'known' for reverse engineering ...
another try http://spamfizzle.com/CAPTCHA.aspx via 3D generated pictures and tagging
different angle is usage of Human made question and Human defined answer for that Question
the only partially working system is IBM's Watson http://www.ibm.com/innovation/us/watson/index.html
how would that work ?
as author of giveaway i fill up two fields
Example, simple:
Example, more complex
of course You as author of giveaway may decide how complex this question will be
(if it needs brain or just search to solve)
please realize that even the Question and Answer can be rigged (if the answer is known it can be used on N bots)
combination of at least 2 methods would be needed to show some 'results' (isometric / picture recognize + question/answer)
p.s. i wrote this as reaction on the endless amount of useless ideas with captcha/re-captcha (hint, OCR vs re-try)
http://www.darkreading.com/authentication/167901072/security/vulnerabilities/226700514/index.html
read http://www.allspammedup.com/2011/01/google-recaptcha-cracked/
Comment has been collapsed.