People openly admitted to writing and using scripts to guess missing characters from private giveaway links a few days ago. That was the first night I saw the site slow down significantly for a long period of time. It has been slow a lot more often since.
Comment has been collapsed.
170 Comments - Last post 4 minutes ago by Freilyreydia
34 Comments - Last post 10 minutes ago by Bomfist
2,284 Comments - Last post 1 hour ago by Axelflox
16,599 Comments - Last post 1 hour ago by HomieOhmie
534 Comments - Last post 1 hour ago by Hawkingmeister
258 Comments - Last post 1 hour ago by RobbyRatpoison
212 Comments - Last post 1 hour ago by sensualshakti
311 Comments - Last post 1 second ago by yugimax
29,264 Comments - Last post 6 minutes ago by herbesdeprovence
123 Comments - Last post 16 minutes ago by Daniellejake
1 Comments - Last post 18 minutes ago by steveywonder75
191 Comments - Last post 21 minutes ago by Inferno955
42 Comments - Last post 23 minutes ago by AmikoNovich
523 Comments - Last post 59 minutes ago by Ninglor03
typical example is Microsoft's Human Interactive Proof named Assira
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
now don't be fooled even these can be 'broken' if the attack vector is aimed on the code
(there is limited amount of choices so even 0.1% ratio for bot-net is fine )
one of attack examples is create database of all the pictures with pre-marked what they are (thus bot has answer beforehand)
http://crypto.stanford.edu/~pgolle/papers/dogcat.html which shows up to 82% chance to break
another example is KittenAuth: http://thepcspy.com/ but it has same problem of pictures being taggeable / limited supply
i would suggest use this method for account 'activation' (when it's implement it should be forced upon everyone once)
another example is 3D captcha / isometric (where the text is picture 3D render / angled )
http://code.google.com/p/3dcaptcha/
but even that might be broken if the source generator is 'known' for reverse engineering ...
another try http://spamfizzle.com/CAPTCHA.aspx via 3D generated pictures and tagging
different angle is usage of Human made question and Human defined answer for that Question
the only partially working system is IBM's Watson http://www.ibm.com/innovation/us/watson/index.html
how would that work ?
as author of giveaway i fill up two fields
Example, simple:
Example, more complex
of course You as author of giveaway may decide how complex this question will be
(if it needs brain or just search to solve)
please realize that even the Question and Answer can be rigged (if the answer is known it can be used on N bots)
combination of at least 2 methods would be needed to show some 'results' (isometric / picture recognize + question/answer)
p.s. i wrote this as reaction on the endless amount of useless ideas with captcha/re-captcha (hint, OCR vs re-try)
http://www.darkreading.com/authentication/167901072/security/vulnerabilities/226700514/index.html
read http://www.allspammedup.com/2011/01/google-recaptcha-cracked/
Comment has been collapsed.