[Dailydave] confirming it's a person
Isaac Dawson
isaac.dawson at gmail.com
Wed Mar 26 10:51:08 EDT 2008
I think a lot of this is just guess work if we don't know what the purpose
is. Is this to protect a login form on a web site?
One thing that I've always wondered is how well a site that has good state
management will fair against a brute force attempt.
If the user must go through 2-3 actions to login, it should be pretty easy
to determine if that sequence is being repeated more
than is normal for a human as the system can track the progress of where the
user 'is' on the server side.
-isaac
On Wed, Mar 26, 2008 at 3:28 PM, Andre Gironda <andreg at gmail.com> wrote:
> On Mon, Mar 24, 2008 at 2:04 PM, <dan at geer.org> wrote:
> > I would like to RTFM on alternatives to CAPTCHAs,
>
> I recall sending this link to Robert Auger when he was interested in
> gathering research on the current, "state-of-the-art" in CAPTCHA
> technology
> http://www.ocr-research.org.ua
>
> Do per-page tokens or another solution even partly solve the problem
> you are trying to solve?
>
> Cheers,
> Andre
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080326/1959ecfe/attachment.htm
More information about the Dailydave
mailing list