NYCPHP Meetup

NYPHP.org

[nycphp-talk] capricious submission of forms

Chris Shiflett shiflett at php.net
Mon Feb 12 18:29:15 EST 2007


Chris Snyder wrote:
> It could also be defeated using offshore labor, which we might
> see more of in the next few years. How many comments-per-hour
> can be submitted by a worker in China making $10/day? How many
> more if the worker knows JavaScript?

Good point. There's also the "porn attack" that has been used for years:

1. Request the form with the CAPTCHA you want to solve.

2. On a high-traffic page, promise free porn (representative of anything
desired, although porn was the actual first use case) in exchange for
the solution to the CAPTCHA from Step 1.

3. Submit the form from Step 1, along with the CAPTCHA solution obtained
in Step 2.

There's also PWNtcha:

http://sam.zoy.org/pwntcha/

I hate CAPTCHAs anyway. :-)

Chris

-- 
Chris Shiflett
http://shiflett.org/


