Suggestions for the future on your web site: (was cookies, and

Mike A mikea at mikea.ath.cx
Thu Jan 24 16:25:34 UTC 2013


On Thu, Jan 24, 2013 at 11:00:50AM -0500, Andrew Sullivan wrote:
> On Thu, Jan 24, 2013 at 09:50:15AM -0600, Joe Greco wrote:
> 
> > A CAPTCHA doesn't need to be successful against every possible threat,
> > it merely needs to be effective against some types of threats.  For
> > example, web pages that protect resources with a CAPTCHA are great at
> > making it much more difficult for someone with l33t wget skills from 
> > scraping a website.
> 
> Well, yes and no.  Lately, AFAICT, most CAPTCHAs have been so
> successfully attacked by wgetters that they're quite easy for machines
> to break, but difficult for humans to use.  For example, I can testify
> that I now fail about 25% of the reCAPTCHA challenges I perform,
> because the images are so distorted I just can't make them out (it's
> much worse on my mobile, given the combination if its small screen and
> my middle-aged eyes).
> 
> So it's now more like airport security: a big hassle for the
> legitimate users but not really much of a barrier for a real
> attacker.  A poor trade-off.

"A Modest Proposal": Maybe we need to turn it around and fail on successful
recognition of the CAPTCHA, then?

-- 
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin 



More information about the NANOG mailing list