[159876] in North American Network Operators' Group
Re: Suggestions for the future on your web site: (was cookies, and
daemon@ATHENA.MIT.EDU (Michael Thomas)
Sat Jan 26 20:46:25 2013
Date: Sat, 26 Jan 2013 17:45:42 -0800
From: Michael Thomas <mike@mtcc.com>
To: Rich Kulawiec <rsk@gsp.org>
In-Reply-To: <20130125124050.GA5110@gsp.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Rich Kulawiec wrote:
> On Thu, Jan 24, 2013 at 09:50:15AM -0600, Joe Greco wrote:
>> However, as part of a "defense in depth" strategy, it can still make
>> sense.
>
> Brother, you're preaching to the choir. I've argued for defense in depth
> for longer than I can remember. Still am.
>
> But defenses have to be *meaningful* defenses. Captchas are a pretend
> defense. They're wishful thinking. They're faith-based security.
Oh, I dunno. I run a website that has a fairly low volume forums that occasionally gets
a drive by spamming. I'm pretty sure that if I implemented even a naive captcha it would
go back to zero. Same thing with proof of email box control things that has to be even
easier to automate. Would they bother? I doubt it -- it was never particularly worth their
effort to even do the easy drive bys.
Mike
