The Root Cause of CAPTCHA (was Re: CAPTCHA)

[elbbit <elbbit () gmail com>]

On 26/01/11 23:41, Robin Wood wrote:
> On 26 January 2011 07:23, arvind doraiswamy <arvind.doraiswamy () gmail com> wrote:
> > A question though. It should be possible to write a 'targeted bot'
> > which doesn't fill up those fields..rt? Or did I miss something?
> Yes but if the author is going to go to the trouble of looking at your
> form 
^^^  And herein lies the cause.  We need to change people's minds and
remove the motivation to behave this way.  Let's stop using money,
because most bots that I have seen around are used to post links and
pollute the Google index with stuff which earns them money.  Stop using
money as a method to gain food and the problem goes away.  And WE have
to do this, because the people who we have trusted on the TV will just
tell you to keep using money, keep listening to them, keep the money
system going, whatever it takes to keep things as they are, *as they
have defined it for us.*  Do you like what they have defined for us?

Stop using money.  Give people food.  Give people tools and laptops and
everything they need, and they won't want to behave this way.  I have
everything I need as a human in order to survive - and I don't own a
chair, a washing machine, a TV, a fridge or a car.  And I'm still here.
 I'm still educated.  I'm doing just fine.  Me & my laptop - and the
world is just a Wi-Fi packet away.

> This isn't a perfect system but for small sites which aren't likely to
> get targeted then it puts a layer of protection in place and avoids
> putting users through a captcha when one isn't really needed.
For everything that is made can also be un-made.  The sooner we all
realise this truth, the better.  As we continue to use money, this
motivation will not stop.  It will not go away.  It will just be a
continuous battle of thought processes - one side trying to out-think
the other - and it does not have to be this way.  So, you see, it will
never be perfect whilst we have this disagreement.

Does any body have ideas about how we can solve this problem (evolving
from money) by using technology as a means?

elbbit

> Robin
>
>
> > Arvind
> >
> > > -----Original Message-----
> > > From: Robin Wood
> > > Sent: Monday, January 24, 2011 7:49 PM
> > > To: Shang Tsung
> > > Cc: webappsec () securityfocus com
> > > Subject: Re: CAPTCHA
> > >
> > >
> > > On 24 January 2011 15:11, Shang Tsung <shangtsung71 () gmail com> wrote:
> > > > We are planning to use a CAPTCHA in order to stop spam engines from
> > > > filling our Online Forms. From a quick research I made, I found there
> > > > are good and there are bad types of CAPTCHA.
> > > >
> > > > Does anyone know if there are any standard and secure implementations
> > > > of CAPTCHA that we can use?
> > > >
> > > > Any good articles on the subject?
> > >
> > > I hate captchas, always have so I use a reverse captcha on sites that
> > > I build. You add a field to the form with name and id of email. You
> > > then give it a label that says "Please leave blank" and hide them both
> > > with CSS. Most people won't see them because the CSS works, even if
> > > they do see them they read the message and obey. Spam engines on the
> > > other hand spot the email field and happily fill it in. You then
> > > silently drop any contact forms with values in the email field.
> > >
> > > Normal humans aren't affected and you trick most generic bots.
> > >
> > > Robin


-- 

elbbit



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------