Re: [tlug] CAPTCHA on keitai

["Stephen J. Turnbull" <stephen@example.com>]

Curt Sampson writes:

 > On 2008-03-25 08:43 +0900 (Tue), Stephen J. Turnbull wrote:
 > 
 > > I wouldn't be surprised if a captcha like this one:
 > > 
 > > <form action="login.cgi">
 > > Please type the word "captcha": <input type="text" value="gotcha" />
 > > </form>
 > > 
 > > worked just as well.
 > 
 > Now you're getting it!

Obviously not; why bother with something as heavy as an image if 6
bytes will serve?

 > > Are you seriously arguing that because security through obscurity
 > > works in the short run, it's worth very much effort?
 > 
 > Yes. It's a short-term fix that's right up there with all of the other
 > short term fixes.
 > 
 > If you're targeted, there's not a lot you can do. If you're not, you
 > can get away with very little.

Yeah, but why bother with something as heavyweight and user-hostile as
captchas?

 > Yes, but which one? How about this form?

All of them, of course.

 > Don't take this the wrong way, since I completely respect you, but if
 > you've not heard of this stuff,

You misread.  See Josh's reply.

 > a cute thing out of these dozen pictures" is a capcha technique that's
 > now a few years old; I'll dig up the article for you if you like.

Sure, if it contains the information about how it has been broken by
the spammers.  But I'll bet that it had *other* problems, not that it
had been broken.