[Dailydave] confirming it's a person

Jonathan Wilkins jwilkins at gmail.com
Wed Mar 26 14:39:52 EDT 2008 

Algorithms like SIFT (
http://en.wikipedia.org/wiki/Scale-invariant_feature_transform)
make this even more accurate.

FWIW, here's my opinion on the technology.  Some of this is from memory.
First, they're ok with a 1/4096 success rate from random guesses according
to
their paper.  They say that they have a very large database to pull from
(all
of the previously posted data that attackers wouldn't have access to) but
I'm
figuring that adding a few thousand pre-tagged animals to the mix every week
(the animals available for adoption currently) in combination with the fact
that
attackers can farm out solving them and also save correct answers means that

the attacker's cost declines over time and their success rate increases.

Not good characteristics.

On Wed, Mar 26, 2008 at 10:21 AM, Stefan Wagner <ffm.stefan at googlemail.com>
wrote:

> >  I think we have already discussed this topic, and someone said we could
> >  use pictures of cats and other animals and ask the user to count the
> >  number of cats on the photos.
> >
> >  Microsoft is working on this, it looks promising.
> >
> >  http://research.microsoft.com/asirra/
>
> I think a weak point may be that petfinder.com pictures are available
> to the public too.
>
> An Attacker could let some bots crawl petfinder.com by Category, grab
> the thumbnails
> (or the big pictures) and resize 'em to asirra thumbnail size (to
> avoid the bottom text "petfinder.com"
> Logo on asirra big pictures) and put some CRC of that into a DB (maybe
> even make it b/w and
> low-res, only take specified part(s) of the picture for the CRC and so
> on). This sure won't be perfect, but
> for some usable percentage i think it may currently work.
>
> Regards,
>  Stefan
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080326/cc49a5e0/attachment.htm

More information about the Dailydave mailing list