Schneier on Security
A blog covering security and security technology.
« Securing iPads for Exams |
| Friday Squid Blogging: Squid's Beard »
February 10, 2012
Posted on February 10, 2012 at 2:08 PM
• 11 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
For full effect, read the article in GlaDOS' voice.
@kaellinn18: Why not the space core's voice?
Or HAL 9000's voice, depending on your preference.
The whole thing is rather accurate. Especially the security questions that everyone knows the answers to.
Suprise someone didn't mention the waving flag captcha shown here:
I think it's easier to read, but no frame has all the characters visible at once so AI has a harder time.
(Next up on AI challenges, add persistence of vision feature...)
I though the classic XKCD was xkcd.com/565/ -- real Internet police!
I once had a spam-bot problem on a site I ran, and as an interim measure, I added a static "captcha" that simply said "Foo" in plain, easy-to-read letters.
It worked for quite a while.
> I once had a spam-bot problem on a
> site I ran, and as an interim measure,
> I added a static "captcha" that simply
> said "Foo" in plain, easy-to-read letters.
That (or even using the text of the page to tell the user what to type) is good enough to defeat a lot of the simple generic bots that crawl the web posting spam on a lot of different sites, because they're designed to pick off the low-hanging fruit, and there are a lot of sites out there with, for whatever reason, no CAPTCHA at all. Even attempting to post the message on moderated blogs, like on Blogger, gets a decent ROI for these bots, because it's dead easy and usually gets *one* person (the blog owner) to see the message.
However, if you run a site that's going to get targeted specifically (like any really popular forum or wiki or webmail service) then you're going to have to deal with bots that can do at least basic OCR and maybe more.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.