Re: Web User Verification Screens
- From: "E.J. Zufelt" <lists@xxxxxxxxx>
- To: programmingblind@xxxxxxxxxxxxx
- Date: Tue, 17 Aug 2010 12:38:06 -0400
On 2010-08-17, at 12:11 PM, Chris Hofstader wrote:
> Of course, inverse grade 2 that only uses contractions would be another good
> cipher that a bot looking for some relatively "normal" range of ASCII or code
> page based characters and these would find a spot in these tables but be
> entirely wrong when the translation is performed by the bot. The encoded G2
> braille could be a pointer to anther place on the screen entirely where a
> phone number missing digits or something may reside.
>
> Hiding in plain site is often the best disguise. The bots will overcomplicate
> things as that's what they think the security dude did; simple inversions and
> offsets should work great.
>
> Ask Vanderheiden how his works, it couldn't be simpler and and it works great
> but not for people with hearing problems.
>
The problem with this is that the CAPTCHA would still need to be solved in
real-time by someone on the other end of the phone. Or, the user would need to
be willing to wait for a solution from whoever they left a message for on the
other end of the phone. Even if the person on the other end of the phone was
able to exempt the user from all CAPTCHAs on the site, this is still not a
viable solution for anonymous users, or for sites where they simply would not
have the resources to operate the phoneline.
This would definitely not work for a blog, as most bloggers are likely not
going to be willing to provide their phone number to verify users.
Everett__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
Other related posts:
