This is called the "Relay Attack" and is not a crack. Cheers, Rob. On Fri, 2008-08-29 at 23:57 -0400, Eric Gorr wrote: > p.s. I cannot claim credit for this piece of info and since you will > reject out of hand anything I might say, I am quoting it > directly....but thought you might be interested in learning about just > how easily captcha's can be cracked. > > ----- > To whoever said you could hire a programmer for $5/hour to break > CAPTCHAs, spammers have demonstrated a cheaper way to get someone to > do the dirty work for them. And it can work for just about any CAPTCHA > in existence because it uses the one things CAPTCHAs depends on: > actual human intervention. > > All you need is a porn server or something else decidedly tempting. > > When the unsuspecting visitor makes a request for free stuff, the > server can then make an attempt to break a CAPTCHA. It makes the > attempt innocuously like any ordinary web client, but it downloads the > necessary CAPTCHA and data locally (so no offsite addressing)…and then > passes it along to the user, challenging him/her to solve the CAPTCHA > in order to obtain the goods. > > The user solves the CAPTCHA, the web server passes along the results. > If the CAPTCHA is passed, the user gets the reward (so does the > server, though). > > It’s a human proxy, and the actual attempt can be made to look exactly > like any ordinary person making the attempt, so there’s no way for the > CAPTCHA to distinguish between this and a real attempt. It would be > only moderately difficult to implement the proxy but mostly automatic > once implemented. > ----- > > > Simple google searches can come up with similar statements from > apparently credible sources, whose veracity I have no reason to doubt, > about people being hired to sit there and break captcha's if it is > important enough the evil doer to do so. > > -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
