Gmail and SSL
Rich Kulawiec
rsk at gsp.org
Mon Dec 31 11:44:34 UTC 2012
On Sun, Dec 30, 2012 at 10:26:36PM -0600, Jimmy Hess wrote:
> These CA's will normally require interactions be done through a web
> site, there will often be captchas or other methods involved in
> applying for a certificate that are difficult to automate.
You're kidding, right? Captchas have been quite, quite thoroughly beaten
for some time now. See, among others:
http://www.physorg.com/news/2011-11-stanford-outsmart-captcha-codes.html
http://cintruder.sourceforge.net/
http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/
http://arstechnica.com/news.ars/post/20080415-gone-in-60-seconds-spambot-cracks-livehotmail-captcha.html
http://www.troyhunt.com/2012/01/breaking-captcha-with-automated-humans.html
http://it.slashdot.org/article.pl?sid=08/10/14/1442213
---rsk
More information about the NANOG
mailing list