People openly admitted to writing and using scripts to guess missing characters from private giveaway links a few days ago. That was the first night I saw the site slow down significantly for a long period of time. It has been slow a lot more often since.
Comment has been collapsed.
2,292 Comments - Last post 4 minutes ago by hbarkas
215 Comments - Last post 21 minutes ago by Georgeous
1,101 Comments - Last post 22 minutes ago by eeev
42 Comments - Last post 23 minutes ago by misterhaan
171 Comments - Last post 47 minutes ago by Fluffster
34 Comments - Last post 2 hours ago by Bomfist
16,599 Comments - Last post 4 hours ago by HomieOhmie
505 Comments - Last post 10 minutes ago by maruten
3 Comments - Last post 31 minutes ago by venturercatt
1,538 Comments - Last post 43 minutes ago by Bastruk
2,675 Comments - Last post 44 minutes ago by Bastruk
37 Comments - Last post 55 minutes ago by quijote3000
2,844 Comments - Last post 1 hour ago by Venonat
6,582 Comments - Last post 1 hour ago by kittenpurrgirl
typical example is Microsoft's Human Interactive Proof named Assira
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
now don't be fooled even these can be 'broken' if the attack vector is aimed on the code
(there is limited amount of choices so even 0.1% ratio for bot-net is fine )
one of attack examples is create database of all the pictures with pre-marked what they are (thus bot has answer beforehand)
http://crypto.stanford.edu/~pgolle/papers/dogcat.html which shows up to 82% chance to break
another example is KittenAuth: http://thepcspy.com/ but it has same problem of pictures being taggeable / limited supply
i would suggest use this method for account 'activation' (when it's implement it should be forced upon everyone once)
another example is 3D captcha / isometric (where the text is picture 3D render / angled )
http://code.google.com/p/3dcaptcha/
but even that might be broken if the source generator is 'known' for reverse engineering ...
another try http://spamfizzle.com/CAPTCHA.aspx via 3D generated pictures and tagging
different angle is usage of Human made question and Human defined answer for that Question
the only partially working system is IBM's Watson http://www.ibm.com/innovation/us/watson/index.html
how would that work ?
as author of giveaway i fill up two fields
Example, simple:
Example, more complex
of course You as author of giveaway may decide how complex this question will be
(if it needs brain or just search to solve)
please realize that even the Question and Answer can be rigged (if the answer is known it can be used on N bots)
combination of at least 2 methods would be needed to show some 'results' (isometric / picture recognize + question/answer)
p.s. i wrote this as reaction on the endless amount of useless ideas with captcha/re-captcha (hint, OCR vs re-try)
http://www.darkreading.com/authentication/167901072/security/vulnerabilities/226700514/index.html
read http://www.allspammedup.com/2011/01/google-recaptcha-cracked/
Comment has been collapsed.