Random Aside: Starbucks and CAPTCHA
The 4 month break from travel came to a halt yesterday when I headed over to Sunny San Diego to give a presentation. Except that it was raining in San Diego and I was reminded of my proposal for new a TSA regulation:
Proposal: Speaking in the coffee line, especially by high pitched teenagers, before 7:30am is expressly forbidden. Violation is punishable by losing your place in line and having those who had to hear your drivel beat you with the designated "whacking stick".
On a security note, this "paper" (breaking CAPTCHAs) is being discussed on bugtraq. It's not exactly peer reviewed work and there are questions on its practicality. At a quick glance, I think it the attack could be automated and numerous CAPTCHAs that I've seen on financial sites could be broken with this method.
Quite frankly, I'm a little surprises that Identity Guard from Entrust hasn't picked up more steam as a cost effective way of providing two-factor authentication for B2C web sites dealing with high value data.
Proposal: Speaking in the coffee line, especially by high pitched teenagers, before 7:30am is expressly forbidden. Violation is punishable by losing your place in line and having those who had to hear your drivel beat you with the designated "whacking stick".
On a security note, this "paper" (breaking CAPTCHAs) is being discussed on bugtraq. It's not exactly peer reviewed work and there are questions on its practicality. At a quick glance, I think it the attack could be automated and numerous CAPTCHAs that I've seen on financial sites could be broken with this method.
Quite frankly, I'm a little surprises that Identity Guard from Entrust hasn't picked up more steam as a cost effective way of providing two-factor authentication for B2C web sites dealing with high value data.
posted by Steve Shah at 8:56 AM
0 Comments:
Post a Comment
<< Home