Too much good is also bad

Wednesday, January 30th, 2008

Textual Confirmation (TC), a simple but very effective phpBB antispam tool, asks each newly registering user a question. If the answer is wrong, TC rejects the registration.

How many questions do you need for the best protection? Hard to say, but definitely not 50.

Sooner or later, a cheap outsourced monkey answers some of your questions and adds the answers to the spammer’s database. As a counteraction, you need to change your question. When you have 50 questions, it’s a tedious task.

In my opinion, 2 or 3 questions are enough.

Satisfactory recognition rate

Thursday, January 24th, 2008

The “Yahoo CAPTCHA is broken” press release reveals some numbers. I’m highlighting them:

It’s not necessary to achieve a high degree of accuracy when designing automated recognition software. An accuracy of 15% is enough when the attacker is able to run 100 000 tries per day, taking into consideration the price of non-automated recognition — one cent per one CAPTCHA.

* 15% recognition rate is enough
* 1 cent per 1 CAPTCHA when using monkeys

Yahoo CAPTCHA is broken

Tuesday, January 22nd, 2008

According to the hmm… press-release (formally, it’s a blog entry, but the style is very press-releasish), the Yahoo CAPTCHA is broken.



Self-made DoS of the bbantispam server

Thursday, January 17th, 2008

According to Wikipedia, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Recently it happened to and More precisely, it was not a DoS-attack, but a DoS-suicide.


The best CAPTCHA ever - 2

Monday, January 14th, 2008

I already wrote about “The best CAPTCHA ever” — it’s a simple but impressive-looking math expression. Use of a scientific CAPTCHA is taking off. Now you can see one on the registration page of the library of Moscow Institute of Physics and Technology:

