2008-09-14_OWASP_Israel_2008


Published on November 28, 2008

Author: aSGuest4284

Source: authorstream.com

CAPTCHA: The Image We All Love To Hate
Shay Zalalichin and Avi Douglen, Comsec Consulting, http://www.ComsecGlobal.com/
OWASP Israel 2008, September 14

Slide 2: Introduction
CAPTCHA: Completely Automated Public Turing Test to Tell Computers and Humans Apart

Slide 3: CAPTCHA Techniques
- Background: colors, patterns
- Distortion: warping, perturbation, lines
- Text: non-alpha characters, fonts, sizes, crowding, deformation, rotation

Slide 4: Common Uses
- Account registration
- Blog comments
- Contact Us forms
- Data enumeration
- Online polls
- Search engine bots
- Worms
- Authentication mechanism
- CSRF

Slide 5: Implementation Attacks – Example
- CAPTCHA image fetched with client-controlled rendering parameters: captcha_image.php?x=-8&y=20&l=12 (x + 12, y - 17)
- Solution carried in the form itself as a hash: <input type="hidden" name="cap" value="c4ca4238a0b923820dcc509a6f75849b">
Source: Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs Are they hopeless

Slide 6: Implementation Attacks – More Examples
- Solution embedded in the image id
- Static solution per image id
- Multiple solution attempts allowed on a single image
- Small number of repeated images / limited solution space
- Dataflow bypass

Slide 7: Attacks – Automatic Recognition
- Optical Character Recognition (OCR): preprocessing, segmentation, classification
- Reported success rates: 20% for Gmail, 30-35% for Hotmail, 60-90% for most others
- Speech-to-text (audio CAPTCHAs)

Slide 8: image only. Source: Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs Are they hopeless
Slide 9: image only. Source: Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs Are they hopeless
Slide 10: image only
Slide 11: Other Approaches (image only)
Slide 12: image only
Slide 13: image only

Slide 14: Attacks using the Human Factor
- CAPTCHA proxies: the challenge is relayed to unwitting humans on pornography sites, games, etc.
- CAPTCHA farms: cheap workers (Indian / Romanian / Far East / ...), between $2 and $4 per 1000 CAPTCHAs
Slide 15: image only. Source: Jeremiah Grossman, Blackhat 2008, Get Rich or Die Trying
Slide 16: image only

Slide 17: Conclusion
- CAPTCHA doesn't work
- What it does do, it does badly
- And it's broken, besides...
- Bad solution for the wrong problem
- In the meantime: don't use CAPTCHA for sensitive resources
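The following is an added example, not code from the talk or from Comsec Consulting, illustrating the implementation attacks on slides 5 and 6 and the kind of server-side check that closes them. The hidden-field value shown on slide 5 is the unsalted MD5 digest of the string "1" (a verifiable fact: md5("1") = c4ca4238a0b923820dcc509a6f75849b), so the "attacker" functions below either recover the answer by enumerating the tiny solution space or skip the image entirely and submit a matching answer/hash pair. The hardened CaptchaStore keeps the solution server-side under a random one-time id, caps attempts per challenge and expires challenges, addressing the slide 6 items (static solution per id, multiple attempts on one image, replay). All names here (verify_leaky, forge_hidden_field, crack_hidden_field, CaptchaStore) are hypothetical, and the injectable clock exists only for testing.

```python
"""Leaky CAPTCHA verification (slide 5) beside a server-side design that
closes the slide 6 gaps.  Added example; not code from the talk.  All
function and class names are hypothetical."""

import hashlib
import hmac
import itertools
import secrets
import string
import time
from typing import Callable, Dict, Optional

# Hidden-field value as shown on slide 5: an unsalted MD5 digest that the
# client can both reverse and forge.
SLIDE5_HIDDEN_FIELD = "c4ca4238a0b923820dcc509a6f75849b"


def verify_leaky(answer: str, hidden_field: str) -> bool:
    """Leaky design: the server keeps no state and trusts the hash the
    client echoes back, so the client controls both sides of the compare."""
    return hashlib.md5(answer.encode("utf-8")).hexdigest() == hidden_field


def forge_hidden_field(answer: str) -> str:
    """Attacker, option 1: never look at the image; submit any answer
    together with a hash of that same answer."""
    return hashlib.md5(answer.encode("utf-8")).hexdigest()


def crack_hidden_field(hidden_field: str, alphabet: str = string.digits,
                       max_len: int = 4) -> Optional[str]:
    """Attacker, option 2: CAPTCHA solutions are short strings over a
    small alphabet, so enumerate the space and hash each candidate."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hashlib.md5(candidate.encode("utf-8")).hexdigest() == hidden_field:
                return candidate
    return None


class CaptchaStore:
    """Server-side challenge store.  The client sees only an opaque random
    challenge id; solution, attempt counter and expiry never leave the
    server, each challenge is single-use, and attempts are capped."""

    def __init__(self, ttl_seconds: float = 300, max_attempts: int = 3,
                 clock: Callable[[], float] = time.time) -> None:
        self._challenges: Dict[str, dict] = {}
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._clock = clock  # injectable so expiry can be tested offline

    def new_challenge(self, solution: str) -> str:
        # Random id unrelated to the image or solution: no static solution
        # per id, and ids cannot be predicted or enumerated.
        cid = secrets.token_urlsafe(16)
        self._challenges[cid] = {
            "solution": solution,
            "attempts": 0,
            "expires": self._clock() + self._ttl,
        }
        return cid

    def verify(self, cid: str, answer: str) -> bool:
        challenge = self._challenges.get(cid)
        if challenge is None:
            return False  # unknown, expired or already consumed: no replay
        if self._clock() > challenge["expires"]:
            del self._challenges[cid]
            return False
        challenge["attempts"] += 1
        ok = hmac.compare_digest(challenge["solution"].encode("utf-8"),
                                 answer.encode("utf-8"))
        # Burn the challenge on success (single use) and after too many
        # failures (no unlimited guessing against one image).
        if ok or challenge["attempts"] >= self._max_attempts:
            del self._challenges[cid]
        return ok


if __name__ == "__main__":
    print("slide 5 hidden field decodes to:", crack_hidden_field(SLIDE5_HIDDEN_FIELD))
    print("leaky check accepts a forged form:", verify_leaky("zzz", forge_hidden_field("zzz")))
    store = CaptchaStore()
    cid = store.new_challenge("7k3p")
    print("hardened first try:", store.verify(cid, "7k3p"), "replay:", store.verify(cid, "7k3p"))
```

The store still does nothing about the human-factor attacks on slide 14: a proxied or farmed human gets the single-use id and the correct answer, and the server cannot tell. That is the point of the conclusion: the server-side fixes remove the gratuitous bypasses, not the fundamental weakness.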

Related pages

File:2008-09-14 OWASP Israel 2008.ppt - OWASP
https://www.owasp.org/images/6/66/2008-09-14_OWASP_Israel_2008.ppt