nanog mailing list archives
Re: Suggestions for the future on your web site: (was cookies, and
From: Joe Greco <jgreco () ns sol net>
Date: Thu, 24 Jan 2013 10:43:26 -0600 (CST)
> Well, yes and no. Lately, AFAICT, most CAPTCHAs have been so successfully attacked by wgetters that they're quite easy for machines

I wasn't aware that there was now a -breakCAPTCHA flag to wget. The point I was making is that it's a defense against casual copying of certain types of protected content and other stupid tricks that used to go on. Someone who has made a business out of copying web sites and has arranged to defeat CAPTCHAs is not a casual attacker.

> to break, but difficult for humans to use. For example, I can testify that I now fail about 25% of the reCAPTCHA challenges I perform, because the images are so distorted I just can't make them out (it's much worse on my mobile, given the combination of its small screen and my middle-aged eyes).

I agree that this problem has gotten worse; as time goes on, it seems likely that the computers will be able to read CAPTCHAs (and then solve the new generation of CAPTCHAs) more easily than many humans.

> So it's now more like airport security: a big hassle for the legitimate users but not really much of a barrier for a real attacker. A poor trade-off.

Don't think we're quite there yet. However, it is certainly moving in that direction.

However, Ace Hardware still sells hook-and-eye latches, and that's something to think about.

One of the businesses we run here had a "problem"; the website had a "contact us" page that had been recycled out of some script with changes to hardcode where mail went, which didn't stop some exploit script from finding it and then trying to spam through it, which meant all their spam went to the company contact address.

The coder who maintained the website noted that only a particularly stupid spammer (or completely automated system of some sort) would try to exploit a script without bothering to check if the mail was being delivered to victims, so he figured that the correct fix was to put a very simple CAPTCHA on it.

I was skeptical, since even five years ago I saw the effectiveness of CAPTCHAs as being in severe decline, but you know what, he was right. The CAPTCHA is VERY readable, even has ALT text so you can use it in your favorite text browser, because the point WASN'T to make it impossible (or even difficult) to abuse, but rather to address a particular problem.

It helps to keep your perspective on things.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.