People openly admitted to writing and using scripts to guess missing characters from private giveaway links a few days ago. That was the first night I saw the site slow down significantly for a long period of time. It has been slow a lot more often since.
Comment has been collapsed.
9 Comments - Last post 7 minutes ago by Annoyer13
312 Comments - Last post 12 minutes ago by MaxiBoi1357
43 Comments - Last post 50 minutes ago by wigglenose
1 Comments - Last post 1 hour ago by FateOfOne
62 Comments - Last post 1 hour ago by terrascura
966 Comments - Last post 1 hour ago by damianea103
26 Comments - Last post 2 hours ago by doomofdoom
804 Comments - Last post 7 minutes ago by ManowGamer
5 Comments - Last post 11 minutes ago by AliSama
960 Comments - Last post 12 minutes ago by ManowGamer
30,157 Comments - Last post 18 minutes ago by Masafor
222 Comments - Last post 26 minutes ago by Eigan123
1,599 Comments - Last post 30 minutes ago by ManowGamer
316 Comments - Last post 32 minutes ago by Fluffster
typical example is Microsoft's Human Interactive Proof named Assira
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
now don't be fooled even these can be 'broken' if the attack vector is aimed on the code
(there is limited amount of choices so even 0.1% ratio for bot-net is fine )
one of attack examples is create database of all the pictures with pre-marked what they are (thus bot has answer beforehand)
http://crypto.stanford.edu/~pgolle/papers/dogcat.html which shows up to 82% chance to break
another example is KittenAuth: http://thepcspy.com/ but it has same problem of pictures being taggeable / limited supply
i would suggest use this method for account 'activation' (when it's implement it should be forced upon everyone once)
another example is 3D captcha / isometric (where the text is picture 3D render / angled )
http://code.google.com/p/3dcaptcha/
but even that might be broken if the source generator is 'known' for reverse engineering ...
another try http://spamfizzle.com/CAPTCHA.aspx via 3D generated pictures and tagging
different angle is usage of Human made question and Human defined answer for that Question
the only partially working system is IBM's Watson http://www.ibm.com/innovation/us/watson/index.html
how would that work ?
as author of giveaway i fill up two fields
Example, simple:
Example, more complex
of course You as author of giveaway may decide how complex this question will be
(if it needs brain or just search to solve)
please realize that even the Question and Answer can be rigged (if the answer is known it can be used on N bots)
combination of at least 2 methods would be needed to show some 'results' (isometric / picture recognize + question/answer)
p.s. i wrote this as reaction on the endless amount of useless ideas with captcha/re-captcha (hint, OCR vs re-try)
http://www.darkreading.com/authentication/167901072/security/vulnerabilities/226700514/index.html
read http://www.allspammedup.com/2011/01/google-recaptcha-cracked/
Comment has been collapsed.