Rich Kulawiec wrote:
On Thu, Jan 24, 2013 at 09:50:15AM -0600, Joe Greco wrote:
However, as part of a "defense in depth" strategy, it can still make
sense.
Brother, you're preaching to the choir. I've argued for defense in depth
for longer than I can remember. Still am.
But defenses have to be *meaningful* defenses. Captchas are a pretend
defense. They're wishful thinking. They're faith-based security.
Oh, I dunno. I run a website that has a fairly low volume forums that
occasionally gets
a drive by spamming. I'm pretty sure that if I implemented even a naive captcha
it would
go back to zero. Same thing with proof of email box control things that has to
be even
easier to automate. Would they bother? I doubt it -- it was never particularly
worth their
effort to even do the easy drive bys.
Mike
