Wednesday, January 31, 2007

Random Aside: Starbucks and CAPTCHA

The 4 month break from travel came to a halt yesterday when I headed over to Sunny San Diego to give a presentation. Except that it was raining in San Diego and I was reminded of my proposal for new a TSA regulation:

Proposal: Speaking in the coffee line, especially by high pitched teenagers, before 7:30am is expressly forbidden. Violation is punishable by losing your place in line and having those who had to hear your drivel beat you with the designated "whacking stick".

On a security note, this "paper" (breaking CAPTCHAs) is being discussed on bugtraq. It's not exactly peer reviewed work and there are questions on its practicality. At a quick glance, I think it the attack could be automated and numerous CAPTCHAs that I've seen on financial sites could be broken with this method.

Quite frankly, I'm a little surprises that Identity Guard from Entrust hasn't picked up more steam as a cost effective way of providing two-factor authentication for B2C web sites dealing with high value data.


Post a Comment

<< Home