[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: [Asrg] Its all over for Challenge Response

To: asrg at ietf.org
Subject: re: [Asrg] Its all over for Challenge Response
From: AccuSpam <support at accuspam.com>
Date: Fri, 13 Feb 2004 03:43:07 +0800
In-reply-to: <6.0.3.0.0.20040212164437.01e21ec0@mail.uniwares.com>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <4.1.20040212183000.009cf710(null)><4.1.20040212183000.009cf710(null)>
Sender: asrg-admin at ietf.org

No.

With my IP limiting suggestion, for meaningful attack of significant volume, the proxy has to be on the client side, unless a spammer has millions of IP addresses to use for web servers.

>Using a pretty simple PHP script, the CAPTCHA can be embedded into a new 
>image which is then delivered to the client, no matter if you use HTTP or 
>HTTPS; the final request from the client has nothing to do with the 
>original request to the CAPTCHA image.
>
>Andreas 

Shelby Moore
http://AccuSpam.com



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- re: [Asrg] Its all over for Challenge Response
  - From: AccuSpam
- re: [Asrg] Its all over for Challenge Response
  - From: Andreas Saurwein

Prev by Date: re: [Asrg] Its all over for Challenge Response
Next by Date: Re: [Asrg] Spoofed mail addresses; envelope and header addresses!=
Previous by thread: re: [Asrg] Its all over for Challenge Response
Next by thread: RE: [Asrg] Its all over for Challenge Response
Index(es):
- Date
- Thread