[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Fake Captcha Protection

From: "The Burmese Hacker" <hacker.ak@xxxxxxxxx>
Subject: [WEB SECURITY] Fake Captcha Protection
Date: Mon, 28 Apr 2008 23:29:07 -1200

Hello all

A lot of web sites are using Fake Captcha Protection which can be
defeated by "Replay" Attack.
Recently, I found this hole in Ning.com, a growing social network site.

How many bad guys have defeated those?

Some captcha creation tutorials are also vulnerable to 'Replay' attack.
Newbie developers are mis-using them in their applications.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- RE: [WEB SECURITY] Fake Captcha Protection
  - From: Chris Weber \(Casaba Security\)

Prev by Date: AW: [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9
Next by Date: RE: [WEB SECURITY] Fake Captcha Protection
Previous by thread: AW: [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9
Next by thread: RE: [WEB SECURITY] Fake Captcha Protection
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site