[wp-testers] WordPress 2.0.1 Remote DoS Exploit?
Gregory Wild-Smith
greg at twilightuniverse.com
Mon Mar 13 11:43:32 GMT 2006
See, that would make lots more sense, be accessible, and wouldn't require
the amount of work to create and maintain a captcha that was both
powerful and human readable.
Issues around that however are: core code text output needs to be able
to be internationalized, so that's an extra bunch of work right there.
Maths problems are better, but would be easy to script for. Plus any
list of problems and answers would, as WP is OSS, be available and you
could simply check against a list to find out what the answer was, which
would be trivial for a script to do.
That is, if you consider any of this issue an actual problem, which I
certainly don't. There are much better ways of doing a DoS attack if
someone wanted to...
-- Greg
Roy Schestowitz wrote:
> Give the visitor a simple math riddle instead. Or take the approach of Eric
> Meyer, who *does* understand usability, and re-use Gatekeeper (a WordPress
> plugin) to pose a trivial question.
>
> Also see: http://www.trenholm.co.uk/?p=113
>
>
>> Also, aside from the more obvious problems, most captchas can be
>> defeated pretty easily if you actually want to devote some cpu cycles
>> to it. They really only protect from really basic scripting attacks.
>
>
> The following is a rather popular proof-of-contention page:
>
> http://sam.zoy.org/pwntcha/
>