Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18863
HistoryJan 16, 2008 - 12:00 a.m.

Defeating audio captcha systems

2008-01-1600:00:00
vulners.com
24
JSON

Hi all,

Some days ago I wrote an advisory which demonstrates how the Peter's
Math Antispam Spinoff plugin for wordpress
(http://www.theblog.ca/math-anti-spam) can be defeated by its audio file.

It's hard to summarize, you better read the advisory, but in a very
small nutshell, the flaw its about not using any kind of distortion on
the audio clip, which makes it easily identificable by a script.

Here is the link:

http://docs.google.com/View?docid=df36cd52_19xzmkwqcg

I'm sure you will find the advisory inspirational, as the approach is
applicable to many other capthas, and anti-script methods.

Regards

Jose

JSON