06-03-2012, 02:37 PM
WEB CAPTCHA
Vulnerabilities
HTTP does not distinguish between human & machine users.
HTTP & SSL do not guarantee client software or user is benign.
Malicious bots can be anonymous and distributed.
Benign bots spider for searches, etc.
Threats to Web
Content Theft: stealing paid data
Copyright Infringement: “scraping” content from one site to display on another, “out of context”
Unwanted spidering: search engines may ignore robots.txt or “nofollow” tags
Poll Stuffing: MIT vs. CMU on /. [1]
Web Spam: unsolicited commenting, abusing free email, scraping addresses
Web Spam
Web comments, discussions, guest books, Wikis, many public forms are open to spam messages.
More eyeballs per message than e-mail
E-mail spam is illegal, but most Web spam is legal.
Bots collect email addresses on Web.
Custom CAPTCHA
Starting from open source or public domain code, it is not too difficult to customize.
Customizing can make your implementation resistant to all but direct assaults.
CAPTCHA volunteers may help you test and improve your algorithm.
Can be stronger than using a service or preconfigured software.