Dear Jos?e M. Palazon Romero, This approach is not new, it was demonstrated by ShAnKaR <shankar_(at)_shankar.name> against Simple Machines Forum 1.1.2 in June, 2007. See: http://securityvulns.ru/Rdocument271.html (in Russian) http://securityvulns.ru/files/capcha.pl (Exploit code) http://www.securityfocus.com/archive/1/archive/1/471641/100/0/threaded --Tuesday, January 15, 2008, 9:01:03 AM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: JeMPR> Hi all, JeMPR> Some days ago I wrote an advisory which demonstrates how the Peter's JeMPR> Math Antispam Spinoff plugin for wordpress JeMPR> (http://www.theblog.ca/math-anti-spam) can be defeated by its audio file. JeMPR> It's hard to summarize, you better read the advisory, but in a very JeMPR> small nutshell, the flaw its about not using any kind of distortion on JeMPR> the audio clip, which makes it easily identificable by a script. JeMPR> Here is the link: JeMPR> http://docs.google.com/View?docid=df36cd52_19xzmkwqcg JeMPR> I'm sure you will find the advisory inspirational, as the approach is JeMPR> applicable to many other capthas, and anti-script methods. JeMPR> Regards JeMPR> Jose -- ~/ZARAZA http://securityvulns.com/ Человек это тайна... я занимаюсь этой тайной чтобы быть человеком. (Достоевский)
