World: r3wp

[Tech News] Interesting technology

Oldes
19-Apr-2009
[3803x2]
Just write your forms using JS or at least don't use common login 
field names like USER and PASSWORD
but if you don't hide the submit button, they will try to insert 
the links into any text field.
[unknown: 5]
19-Apr-2009
[3805x6]
I thought of a great idea to stop forum spammers and probably others. 
 I don't know how it can be thwarted.
I wouldn't know how to code it but it would probably require Javascript 
which I don't know.
But that might not be a good idea.  Need something almost other than 
javascript.
The idea is to use Drag and Drop.
The drag and drop areas always change.
So it's randomly generated.
ICarii
19-Apr-2009
[3811]
3D hit testing is another upcoming captcha method
[unknown: 5]
19-Apr-2009
[3812]
How does that work? I hear that captcha is being beaten by OCR methods.
ICarii
19-Apr-2009
[3813]
there are various implementations from thread-the-needle / drag-and-drop 
/ to overlay matching and rotation
[unknown: 5]
19-Apr-2009
[3814]
My idea involves having the backend generate a random code that gets 
presented as a draggable item in a javascript driven page.  The user 
must drag the code to a randomly placed box.  The code is also 
randomly placed.  The script will generate a value based on the 
direction and length of the drag.  This gets compared on the server 
end along with the code.
ICarii
19-Apr-2009
[3815]
can't the spammer then just read the code to get the positions?
[unknown: 5]
19-Apr-2009
[3816]
Yeah, which is why I don't think you can do it in javascript.  I'm 
using that as an example to get an idea for the concept.
ICarii
19-Apr-2009
[3817]
automating mouse movement and clicks from then on is relatively trivial
[unknown: 5]
19-Apr-2009
[3818]
Yeah might not work via that route.
ICarii
19-Apr-2009
[3819]
the trick is to possibly send location on drop - then verify serverside
[unknown: 5]
19-Apr-2009
[3820x2]
Yeah - that should do it!
Dunno, you still have to show the locations on the client end so 
they know where to drag.
ICarii
19-Apr-2009
[3822x2]
send an image
eg: drag the object onto the purple rabbit - have an image with 20 
or so different rabbits
[unknown: 5]
19-Apr-2009
[3824x3]
Possible.
How about this.  You display a rather large image and the user must 
click the very center of image (hold down button) and drag to a border 
specified within the image.  The image changes.
For example say the image is just a picture of a large ball or circle. 
 The person clicks the center of the circle and holds down to expand 
to the perimeter of the circle in the image and releases and this 
gets interpreted as radius back to the server.
ICarii
19-Apr-2009
[3827]
still open to image analysis attack
Oldes
19-Apr-2009
[3828]
Captchas are against people, not bots. Bots are mostly very simple, 
especially the one which just puts links into fields. Why would they 
spend time on image analysis when they can just travel to another 
site with simple form fields.
ICarii
19-Apr-2009
[3829]
they broke the gmail captcha and yahoo and hotmail by use of image 
analysis.
Oldes
19-Apr-2009
[3830]
people.. not bots:)
ICarii
19-Apr-2009
[3831]
oh - I thought they were reported to have automated it?
Oldes
19-Apr-2009
[3832]
I don't think there is any bot just browsing around searching for 
another captcha to break in:) I can call it "a script" which someone 
could use to break gmail captcha, but not "a bot". Anyway... I bet 
they used many people to just click and translate the images.
ICarii
19-Apr-2009
[3833x2]
http://securitylabs.websense.com/content/Blogs/2919.aspx
very interesting info on the gmail break
Oldes
19-Apr-2009
[3835]
Yes... also there is proof that someone pays for recognizing pictures. 
Anyway... if you have a normal site and don't want links in your 
form fields as Paul has.. using simple JS document.write is enough 
to hide the submit button and stop the bots. At least that's my experience.
Pekr
20-Apr-2009
[3836x2]
Our general media portal reports, that SUN is being bought by Oracle. 
I thought that it was IBM who tried to acquire them? Anyone confirms 
the news?
Hmm, I wonder what happens to Open Office and MySQL then ....
Janko
20-Apr-2009
[3838x2]
Hm.. I imagine they have hard time selling Oracle if MySQL is free.. 
I wouldn't like to be mysql right now :)
I didn't know Oracle even exists in last years, and surely not that 
they have so much $$ to buy Sun (+ MySQL )... I am not sure if they 
are very present in web-scene
Pekr
20-Apr-2009
[3840]
They might close mySQL, but I think that the licence forbids them 
doing so. They might close further mySQL developments, but in such 
a case, I think that some ppl would fork it anyway ...
BrianH
20-Apr-2009
[3841]
Oracle already owns the company that makes the InnoDB engine for 
MySQL, and that didn't kill MySQL.
Robert
20-Apr-2009
[3842x3]
I don't think that SAP will like this.
Oracle moves away from a one-product company. Strategically a good 
step. And owning a lot of datastorage infrastructure within the companies 
makes them a logical choice for the other layers.
But overall, I don't like this happening... when will Oracle DBs 
internally use ZFS?
Pekr
20-Apr-2009
[3845]
What is wrong with ZFS?
Robert
21-Apr-2009
[3846]
Nothing. I'm using it on OSX. My message refers to two topics:
1. Oracle buys Sun -> I don't like it
2. Maybe ZFS will now become more a DB thing than a FS thing.
Pekr
21-Apr-2009
[3847]
Google releases plugin for 3D API - http://arstechnica.com/software/news/2009/04/google-releases-3d-graphics-plugin-for-browsers.ars
Janko
21-Apr-2009
[3848]
hm.. very interesting.. now unity3d (and ston3d) got some competition
Geomol
21-Apr-2009
[3849x2]
O3D is an open-source web API for creating rich, interactive 3D applications 
in the browser.


Wow, 3D games in the browser! It just gets better and better! What 
a wonderful world! ;-)
Maybe we'll even be able to use the back button, when someone shoots 
us in the game.
Rebolek
21-Apr-2009
[3851]
LOL
Janko
21-Apr-2009
[3852]
:)