[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] Brute Force authentication attack

From: "Joseph Peloquin" <jpelo1@xxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] Brute Force authentication attack
Date: Wed, 5 Jul 2006 10:24:57 -0500

------------=_1152113104-301-9
Content-class: urn:content-classes:message
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I see the link fine .. Maybe it was the slashdotting the author speaks of on his homepage *shrug*.

Try: http://sam.zoy.org/pwntcha/

Joey

|-----Original Message-----
|From: skarvin [mailto:skarvin@gmail.com] 
|Sent: Wednesday, July 05, 2006 9:35 AM
|To: Mark Mcdonald
|Cc: websecurity@webappsec.org
|Subject: Re: [WEB SECURITY] Brute Force authentication attack
|
|Hi,
|
|I' cant see any download link, are you sure that this project 
|isn't a hoax? Are you tested it, piltrafilla?
|
|
|
|
|On 7/3/06, Mark Mcdonald < mmcdonald@staff.iinet.net.au> wrote:
|
|	
|
|	You'd be surprised how easy it is to defeat most captchas...
|
|	 
|
|	PWNtcha can defeat heaps of common systems found on the net.
|
|	http://sam.zoy.org/pwntcha/ 
|
|	 
|
|	 
|
|	
|________________________________
|
|
|	From: skarvin [mailto:skarvin@gmail.com] 
|	Sent: Saturday, July 01, 2006 3:39 PM
|	To: Chris Weber
|	Cc: Jeremiah Grossman; Web Security
|	Subject: Re: [WEB SECURITY] Brute Force authentication attack
|
|	 
|
|	Hi,
|	
|	If you use a very simple captcha, maybe you'll be 
|vulnerable to brute force attacks by OCR techniques.
|	
|	
|	On 6/30/06, Chris Weber <chris@lookout.net> wrote:
|	> True is that.  Also "Human Interactive Proof" or HIP, 
|CAPTCHA being more
|	> common, I think.
|	> 
|	> -----Original Message-----
|	> From: Jeremiah Grossman [mailto: 
|jeremiah@whitehatsec.com <mailto:jeremiah@whitehatsec.com> ]
|	> Sent: Friday, June 30, 2006 1:33 PM
|	> To: Web Security
|	> Subject: Re: [WEB SECURITY] Brute Force authentication attack
|	> 
|	> We all get those from time to time. :) 
|	> 
|	> CAPTCHA
|	> "completely automated public Turing test to tell 
|computers and humans apart"
|	> 
|	> On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
|	> 
|	> > I am definitely having a senior moment.  Can 
|anybody please tell me 
|	> > what it is called when you have to enter a code 
|displayed in a picture
|	> > when authenticating?  I know this is a control 
|against brute force
|	> > hacking, but for the life of me I cannot remember 
|what it is called. 
|	> >
|	> > 
|----------------------------------------------------------------------
|	> > ------
|	> > The Web Security Mailing List:
|	> > http://www.webappsec.org/lists/websecurity/
|	> >
|	> > The Web Security Mailing List Archives:
|	> > http://www.webappsec.org/lists/websecurity/archive/ 
|	> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
|	> >
|	> 
|	> 
|	> 
|---------------------------------------------------------------
|------------- 
|	> The Web Security Mailing List:
|	> http://www.webappsec.org/lists/websecurity/
|	> 
|	> The Web Security Mailing List Archives:
|	> http://www.webappsec.org/lists/websecurity/archive/
|	> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
|	> 
|	> 
|	> 
|---------------------------------------------------------------
|------------- 
|	> The Web Security Mailing List:
|	> http://www.webappsec.org/lists/websecurity/
|	> 
|	> The Web Security Mailing List Archives:
|	> http://www.webappsec.org/lists/websecurity/archive/
|	> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
|	> 
|	> 
|	
|	
|	
|	-- 
|	Un saludo, 
|	
|	skarvin
|	skarvin.blogspot <http://skarvin.blogspot.com>  .com 
|<http://skarvin.blogspot.com>  
|
|
|
|
|--
|Un saludo,
|
|Isidro Catalán
|<a href=skarvin.blogspot.com>skarvin.blogspot.com </a> 
|

------------=_1152113104-301-9
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Signature

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.


------------=_1152113104-301-9
Content-Type: text/plain; charset=us-ascii

----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
------------=_1152113104-301-9--

Follow-Ups:
- Re: [WEB SECURITY] Brute Force authentication attack
  - From: skarvin

References:
- Re: [WEB SECURITY] Brute Force authentication attack
  - From: skarvin

Prev by Date: Re: [WEB SECURITY] Brute Force authentication attack
Next by Date: Re: [WEB SECURITY] Brute Force authentication attack
Previous by thread: Re: [WEB SECURITY] Brute Force authentication attack
Next by thread: Re: [WEB SECURITY] Brute Force authentication attack
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site