Comments on Schmoilitos Way: Preventing BlackHat Automation
Author: Mike Zusman (http://www.blogger.com/profile/12928702448334406855)
Updated: 2023-12-18T22:33:06.504-08:00

Mike Zusman (https://www.blogger.com/profile/12928702448334406855), 2008-04-14T06:51:00.000-07:00:

Very true. I was trying to think of ways to make captchas harder to crack, but easier for people to use. Something along the lines of http://research.microsoft.com/asirra/ and http://www.rorsecurity.info/2008/04/04/webappsec-the-idea-of-negative-captchas/.

If you don't make the user jump through hoops (decipher an unreadable captcha) but make human evaluation required for interpreting the results/data from the transaction you are trying to protect, you achieve the same results.

Is it easier than a regular captcha? Perhaps not.

Anonymous, 2008-04-14T06:15:00.000-07:00:

This is exactly what CAPTCHAs are designed for. To prove that a human is on the other side of the transaction. There's no need to bother with fancy 'reverse captchas' which will only confuse your users. Just require a CAPTCHA to be satisfied as a part of the same form where the credit card is entered. As to the effectiveness of CAPTCHAs, well, they're a lot better than nothing.

rezn