|
|
Posted by Schraalhans Keukenmeester on 05/09/07 16:03
At Wed, 09 May 2007 15:28:09 +0000, David Gillen let his monkeys type:
> let@it.snow said:
>>>> When one of your 'close to 60' customers finally wakes up and realizes
>>>> how they've been scammed, I would suggest you give them a link to a real
>>>> CAPTCHA, with real security. Luckily, quite a few of them are available
>>>> for free; for example, QuickCaptcha:
>>>> <http://www.web1marketing.com/resources/tools/quickcaptcha/>.
>>>
>>
> FYI, most captchas out there have been broken, and the ones that haven't more
> often than not throw up something which is completely illegible to the end
> user.
>
> D.
By broken, do you mean someone OCR'ed the contents of the random captcha
images, or was able to link the form data to the correct captcha
string? I agree quite a few captchas are like lotteries, completely
illegible. But I've not seen many live examples of succesful
captcha-cracking based on image scanning.
In reality, it all depends of course how big the target audience is. I've
made sites using simple 'what's ONE plus ELEVEN' type checking that never
have been compromised, probably simply because the benefits don't
outweigh the work involved.
As an addition/alternative to captcha's, consider utilities like Bad
Behaviour or similar, that analyze the http requests and compare them to
known, blacklisted ones.
Another, more advanced captcha idea (somehow hasn't become popular - yet)
is based on man's incredible ability to recognize and match known faces,
even if they differ hugely in separate images. (same reason we see faces
in clouds, the burn pattern on our pizza bottom, or the marble tiles in
the loo.) I know serious experiments have been undertaken years ago
already to replace pin-code bases teller machines with a set of memorized
faces. Far easier to remember, and almost impossible to share with others.
Sh.
Navigation:
[Reply to this message]
|