W3C home > Mailing lists > Public > wai-site-comments@w3.org > November 2005

incorrect citation on turing test working draft

From: user24 24 <puremango.co.uk@gmail.com>
Date: Tue, 29 Nov 2005 13:04:46 +0000
Message-ID: <3b7661250511290504t76ded82fkbc38c099bcdf188e@mail.gmail.com>
To: wai-site-comments@w3.org
Hi,

Just read through the working draft of the "Inaccessibility of CAPTCHA"
article (http://www.w3.org/TR/2005/NOTE-turingtest-20051123), and have
noticed that I've been incorrectly cited as the author of gimpy;

[BREAKING]
    Breaking CAPTCHAs Without Using OCR, Howard Yeend. The site is online at
http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html
[BREAKINGOCR]
    Breaking CAPTCHAs Without Using OCR, Howard Yeend. The site is online at
http://www.puremango.co.uk/cm_breaking_captcha_115.php

I (Howard Yeend) am only the author of the [BREAKINGOCR] reference, and have
nothing to do with gimpy, whoose authors I believe are Greg Mori and
Jitendra Malik , commonly refered to as Mori at al.

Additionally, in body of that report, it is stated that "[BREAKINGOCR]
outlines a CAPTCHA defeat on PHP- and ASP-based systems" - the vulnerability
I describe is language independant; I only tested PHP/ASP CAPTCHAs because I
could only find PHP/ASP CAPTCHAs. There is no technical reason why, say, a
PERL CAPTCHA might not fall victim to the session re-use problem.

You might be interested in my proof-of-concept script relating to the
session re-use problem, which can be found at
http://www.puremango.co.uk/acdc_breakcaptcha.php

Yours,
-h.
Received on Tuesday, 29 November 2005 14:53:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:55:25 UTC