Re: [tlug] CAPTCHA on keitai

[Curt Sampson <cjs@example.com>]

On 2008-03-25 08:43 +0900 (Tue), Stephen J. Turnbull wrote:

> I wouldn't be surprised if a captcha like this one:
> 
> <form action="login.cgi">
> Please type the word "captcha": <input type="text" value="gotcha" />
> </form>
> 
> worked just as well.

Now you're getting it!

> Are you seriously arguing that because security through obscurity
> works in the short run, it's worth very much effort?

Yes. It's a short-term fix that's right up there with all of the other
short term fixes.

If you're targeted, there's not a lot you can do. If you're not, you
can get away with very little.

> (BTW, what is Meatball Wiki? At first I thought it was supposed to be
> a take off on "Media Wiki", but it doesn't seem to be the case.)

One of the older wikis, definitely older that MediaWiki, but not as old
as c2. Speaking of which, Wikipedia is your friend.

> Why is any hacker with half a brain going to be looking for a field
> name?  They just look for a type="text" INPUT element in a form
> containing an IMG element.  That's probably halfway there.

Yes, but which one? How about this form?

    Your name: <input type="text" name="capcha">
    Enter this: <img src="..."> <input type="text" name="name">

> Really?  I've never heard an audio captcha, nor have I seen one that
> asks for a picture of a common object, rather than distorted text, to
> be identified.

Don't take this the wrong way, since I completely respect you, but if
you've not heard of this stuff, you're a bit behind the times. "Identify
a cute thing out of these dozen pictures" is a capcha technique that's
now a few years old; I'll dig up the article for you if you like. (I
think it may have been called "kitten capcha" or something like that.)

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974   
Mobile sites and software consulting: http://www.starling-software.com