
Re: [wp-testers] WordPress 2.0.1 Remote DoS Exploit?

  • To: wp-testers@xxxxxxxxxxxxxxxxxxxx
  • Subject: Re: [wp-testers] WordPress 2.0.1 Remote DoS Exploit?
  • From: Roy Schestowitz <wp-lowtraffic@xxxxxxxxxxxxxxx>
  • Date: Mon, 13 Mar 2006 05:03:39 +0000
  • Delivery-date: Mon, 13 Mar 2006 05:03:42 +0000
  • Envelope-to: wp-lowtraffic@schestowitz.com
  • In-reply-to: <44147C23.4080708@twilightuniverse.com>
  • References: <3DAED5F8-68A9-4819-9D62-481D2141B17C@calpoly.edu> <a491f91d0603091703i2de3fea0he29eb5da8ebd3acc@mail.gmail.com> <d9b7394f0603092154t3b253446q688e50c16edcd423@mail.gmail.com> <a491f91d0603092226x7865e0ect90f20bca56b6638d@mail.gmail.com> <5aa3aa0603092232o40eb55fkce3b634fdc655682@mail.gmail.com> <4411A187.6060007@gunters.org> <829767470603100841s20e73b94kd5b90c3012403afa@mail.gmail.com> <4411ADED.5070403@negimaki.com> <e6ec604d0603100900q55009d9ct9d25c0b1f3977510@mail.gmail.com> <871325217.20060310184100@gmail.com> <7235ce780603121037o4bf618e8id213cba053394911@mail.gmail.com> <44147C23.4080708@twilightuniverse.com>
  • Reply-to: r@xxxxxxxxxxxxxxx
  • User-agent: Internet Messaging Program (IMP) H3 (4.0.3)
___/ On Sun 12 Mar 2006 19:53:07 GMT, [ Gregory Wild-Smith ] wrote : \___

Mike Little wrote:
It is usually not usability but *accessibility* which becomes a
problem with captchas.

That is, if the captcha is an image based one, then people with vision
problems, including but not limited to the blind, cannot use the
system.


Give the visitor a simple math riddle instead. Or take the approach of Eric
Meyer, who *does* understand usability, and re-use Gatekeeper (a WordPress
plugin) to pose a trivial question.

Also see: http://www.trenholm.co.uk/?p=113


Also, aside from the more obvious problems, most captchas can be defeated pretty easily if you actually want to devote some CPU cycles to it. They really only protect from really basic scripting attacks.


The following is a rather popular proof-of-contention page:

http://sam.zoy.org/pwntcha/

