Hi Guys,

Talking about CAPTCHA...

I am involved in 'cloud' solutions and read interesting articles on the 'Human Cloud' (some terms I made up to let you imagine it better). I will try to dig them out if anyone is interested; I can't recall exactly where I read them. Could be a SecurityTube posting of a speaker at HiTB KL last year.

OK, the technique is this: determined crackers can use 'outsourced/offshore' help to work around CAPTCHA, say from India/China or where labour cost is lower. You can create an API to screenshot/save the CAPTCHA image and send it to those teams elsewhere; they solve it for you in seconds and, via the API, it is automatically passed to your cracking application. I likened that to 'cloud', 'human CPU' on demand.

So my opinion is this: as long as the additional 'factor' is human processing, e.g. typing back a CAPTCHA, voice dictation, clicking on some patterns etc., it can be outsourced using APIs to the 'human cloud'. To be stronger, the additional 'factor' should be something that the user must have physically, that these 'human clouds' can't possibly have. CAPTCHAs just make it a little hassle for those 'script kiddies', but what if 'human cloud' APIs are as cheap as an Apple Store app download, e.g. $0.01 per solved CAPTCHA?

From another perspective, when we are using CAPTCHA, we are actually being the 'human cloud' solving some organization's book scanning OCR process (http://recaptcha.net/learnmore.html). Good or bad I am not sure; why not harness the 'human cloud' for improving your own processes? But that is another topic.

What do you think? Until today I am still fascinated by the 'human cloud'.
_______________________________________________
Owasp-Malaysia mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-malaysia
OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia
OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420

