[159849] in North American Network Operators' Group
Re: Suggestions for the future on your web site: (was cookies, and
daemon@ATHENA.MIT.EDU (Andrew Sullivan)
Thu Jan 24 11:01:16 2013
Date: Thu, 24 Jan 2013 11:00:50 -0500
From: Andrew Sullivan <asullivan@dyn.com>
To: nanog@nanog.org
In-Reply-To: <201301241550.r0OFoFhn076160@aurora.sol.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Jan 24, 2013 at 09:50:15AM -0600, Joe Greco wrote:
> A CAPTCHA doesn't need to be successful against every possible threat,
> it merely needs to be effective against some types of threats. For
> example, web pages that protect resources with a CAPTCHA are great at
> making it much more difficult for someone with l33t wget skills from
> scraping a website.
Well, yes and no. Lately, AFAICT, most CAPTCHAs have been so
successfully attacked by wgetters that they're quite easy for machines
to break, but difficult for humans to use. For example, I can testify
that I now fail about 25% of the reCAPTCHA challenges I perform,
because the images are so distorted I just can't make them out (it's
much worse on my mobile, given the combination if its small screen and
my middle-aged eyes).
So it's now more like airport security: a big hassle for the
legitimate users but not really much of a barrier for a real
attacker. A poor trade-off.
Best,
A
--
Andrew Sullivan
Dyn, Inc.
asullivan@dyn.com
