
Re: [WEB SECURITY] Brute Force authentication attack




Hi,

If you use a very simple captcha, maybe you'll be vulnerable to brute force
attacks by OCR techniques.


On 6/30/06, Chris Weber <chris@lookout.net> wrote:
> True is that.  Also "Human Interactive Proof" or HIP, CAPTCHA being more
> common, I think.
>
> -----Original Message-----
> From: Jeremiah Grossman [mailto:jeremiah@whitehatsec.com]
> Sent: Friday, June 30, 2006 1:33 PM
> To: Web Security
> Subject: Re: [WEB SECURITY] Brute Force authentication attack
>
> We all get those from time to time. :)
>
> CAPTCHA
> "completely automated public Turing test to tell computers and humans apart"
>
> On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
>
> > I am definitely having a senior moment.  Can anybody please tell me
> > what it is called when you have to enter a code displayed in a picture
> > when authenticating?  I know this is a control against brute force
> > hacking, but for the life of me I cannot remember what it is called.
> >
> > ----------------------------------------------------------------------
> > ------
> > The Web Security Mailing List:
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/archive/
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
>
>
>



-- 
Regards,

skarvin
skarvin.blogspot.com <http://skarvin.blogspot.com>



