- From: user24 24 <puremango.co.uk@gmail.com>
- Date: Tue, 29 Nov 2005 13:04:46 +0000
- To: wai-site-comments@w3.org
- Message-ID: <3b7661250511290504t76ded82fkbc38c099bcdf188e@mail.gmail.com>
Hi,
Just read through the working draft of the "Inaccessibility of CAPTCHA"
article (http://www.w3.org/TR/2005/NOTE-turingtest-20051123), and have
noticed that I've been incorrectly cited as the author of gimpy;
[BREAKING]
Breaking CAPTCHAs Without Using OCR, Howard Yeend. The site is online at
http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html
[BREAKINGOCR]
Breaking CAPTCHAs Without Using OCR, Howard Yeend. The site is online at
http://www.puremango.co.uk/cm_breaking_captcha_115.php
I (Howard Yeend) am only the author of the [BREAKINGOCR] reference, and have
nothing to do with gimpy, whoose authors I believe are Greg Mori and
Jitendra Malik , commonly refered to as Mori at al.
Additionally, in body of that report, it is stated that "[BREAKINGOCR]
outlines a CAPTCHA defeat on PHP- and ASP-based systems" - the vulnerability
I describe is language independant; I only tested PHP/ASP CAPTCHAs because I
could only find PHP/ASP CAPTCHAs. There is no technical reason why, say, a
PERL CAPTCHA might not fall victim to the session re-use problem.
You might be interested in my proof-of-concept script relating to the
session re-use problem, which can be found at
http://www.puremango.co.uk/acdc_breakcaptcha.php
Yours,
-h.
Received on Tuesday, 29 November 2005 14:53:50 UTC