Slide 1: CAPTCHA - The Image We All Love To Hate
Shay Zalalichin and Avi Douglen, Comsec Consulting, http://www.ComsecGlobal.com/
OWASP Israel, 14 September 2008
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation, http://www.owasp.org

Slide 2: Introduction
- CAPTCHA: Completely Automated Public Turing Test to Tell Computers and Humans Apart

Slide 3: CAPTCHA Techniques
Background:
- Colors
- Patterns
- Distortion
- Warping
- Perturbation
- Lines
Text:
- Non-Alpha
- Fonts
- Sizes
- Crowding
- Deformation
- Rotation

Slide 4: Common Uses
- Account Registration
- Blog Comments
- Contact Us Forms
- Data Enumeration
- Online Polls
- Search Engine Bots
- Worms
- Authentication Mechanism
- CSRF

Slide 5: Implementation Attacks - Example
captcha_image.php?x=-8&y=20&l=12 (x + 12, y - 17)
Source: Mike Spindel and Scott Torborg, DEFCON 16, "CAPTCHAs: Are They Hopeless?"

Slide 6: Implementation Attacks - More Examples
- Solution as part of Image Id
- Static Solution per Image Id
- Multiple Solution Attempts on Single Image
- Small number of repeated images / Limited solution space
- Dataflow Bypass
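Slides 5 and 6 describe flaws in how a CAPTCHA is wired into the application rather than in the image itself. The server-side challenge store below is an added example (not code from the presentation or from OWASP) of a verifier built so that none of those flaws apply: the image URL carries only an opaque random id and no rendering parameters, the solution is held only on the server, each challenge allows one attempt and expires, and the protected action must consume a solved id. The class and method names (CaptchaStore, issue, verify, consume), the /captcha_image path and CHALLENGE_TTL are hypothetical.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 300  # seconds a challenge stays valid (hypothetical policy value)


class CaptchaStore:
    """Server-side CAPTCHA state (hypothetical); the client only ever sees the opaque id."""

    def __init__(self, now=time.time):
        self._now = now              # injectable clock so expiry can be tested
        self._challenges = {}        # opaque id -> (solution, expiry time)
        self._solved = set()         # ids whose answer was accepted but not yet consumed

    def issue(self, solution):
        """Register a freshly generated solution under a random id.
        The id is unrelated to the answer, so neither the id nor the image URL
        reveals the solution, and no id maps permanently to one image."""
        cid = secrets.token_urlsafe(16)
        self._challenges[cid] = (solution, self._now() + CHALLENGE_TTL)
        return cid

    def image_url(self, cid):
        """The renderer takes only the id: no client-supplied offsets, line
        counts or other distortion parameters are accepted."""
        return "/captcha_image?id=" + cid  # hypothetical endpoint

    def verify(self, cid, answer):
        """Exactly one attempt per challenge: the record is removed before the
        answer is compared, so a wrong guess cannot be retried on the same image."""
        record = self._challenges.pop(cid, None)
        if record is None:
            return False  # unknown id, already attempted, or forged
        solution, expiry = record
        if self._now() > expiry:
            return False
        expected = solution.strip().lower().encode()
        given = answer.strip().lower().encode()
        if not hmac.compare_digest(expected, given):
            return False
        self._solved.add(cid)
        return True

    def consume(self, cid):
        """The protected action (registration, comment post, ...) must present a
        solved id, which works once, so the verification step cannot be skipped."""
        if cid not in self._solved:
            return False
        self._solved.remove(cid)
        return True
```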

Slide 7: Attacks - Automatic Recognition
- Optical Character Recognition (OCR)
  - Preprocessing
  - Segmentation
  - Classification
- Success Rates
  - 20% success for Gmail
  - 30-35% success for Hotmail
  - 60-90% success for most others...
- Speech-to-Text

Slide 8: (image)
Source: Mike Spindel and Scott Torborg, DEFCON 16, "CAPTCHAs: Are They Hopeless?"

Slide 9: (image)
Source: Mike Spindel and Scott Torborg, DEFCON 16, "CAPTCHAs: Are They Hopeless?"

Slide 10: (image only)

Slide 11: Other Approaches

Slide 12: (image only)

Slide 13: (image only)

Slide 14: Attacks using the Human Factor
- CAPTCHA Proxies
  - Pornography sites
  - Games
  - Etc.
- CAPTCHA Farms
  - Cheap Workers
  - Indian / Romanian / Far East / ...
  - Between $2 - $4 per 1000 CAPTCHAs

Slide 15: (image)
Source: Jeremiah Grossman, Black Hat 2008, "Get Rich or Die Trying"

Slide 16: (image only)

Slide 17: Conclusion
- CAPTCHA doesn't work
- What it does do, it does badly
- And it's broken, besides...
- Bad solution for the wrong problem
- In the meantime: don't use CAPTCHA for sensitive resources
