
List:       websecurity
Subject:    RE: [WEB SECURITY] Brute Force authentication attack
From:       "Joseph Peloquin" <jpelo1 () jcpenney ! com>
Date:       2006-07-05 17:35:49
Message-ID: BED80553525ABA4282B4D38881879A90053741C6 () EXCHVS01 ! corp ! jcp ! com

Ahh, I see. Judging by the FAQ, I reckon it's never been available for download, and
s/he may be holding out for someone to pay them for the "code".

Note, also, their test domain has expired (this is supposed to be where you can see
it _in action_): mailto:info@whois-help.info?Subject=Inquiring about the domain
'pwntcha.net', with status: Expired

Intrigued by this thread, I waded through the few results on Google, and although
many people are talking about it like gospel, I don't see anyone else actually using
the tool.

Cheers,
Joey

> -----Original Message-----
> From: skarvin [mailto:skarvin@gmail.com] 
> Sent: Wednesday, July 05, 2006 10:29 AM
> To: Joseph Peloquin
> Cc: Mark Mcdonald; websecurity@webappsec.org
> Subject: Re: [WEB SECURITY] Brute Force authentication attack
> 
> I see the link, but in this page I can't see any link to 
> download the project and test it.
> 
> See you!
> 
> 
> On 7/5/06, Joseph Peloquin <jpelo1@jcpenney.com> wrote:
> 
> 	I see the link fine .. Maybe it was the slashdotting the author speaks of on his homepage *shrug*.
> 	
> 	Try: http://sam.zoy.org/pwntcha/
> 	
> 	Joey
> 	
> 	|-----Original Message-----
> 	|From: skarvin [mailto:skarvin@gmail.com]
> 	|Sent: Wednesday, July 05, 2006 9:35 AM 
> 	|To: Mark Mcdonald
> 	|Cc: websecurity@webappsec.org
> 	|Subject: Re: [WEB SECURITY] Brute Force authentication attack
> 	|
> 	|Hi,
> 	|
> 	|I can't see any download link; are you sure that this project 
> 	|isn't a hoax? Have you tested it, piltrafilla?
> 	|
> 	|On 7/3/06, Mark Mcdonald < mmcdonald@staff.iinet.net.au> wrote:
> 	|
> 	|
> 	|
> 	|       You'd be surprised how easy it is to defeat most captchas...
> 	|
> 	|       PWNtcha can defeat heaps of common systems found on the net.
> 	|
> 	|       http://sam.zoy.org/pwntcha/
> 	|
> 	|
> 	|
> 	|
> 	|
> 	|
> 	|________________________________ 
> 	|
> 	|
> 	|       From: skarvin [mailto:skarvin@gmail.com]
> 	|       Sent: Saturday, July 01, 2006 3:39 PM
> 	|       To: Chris Weber
> 	|       Cc: Jeremiah Grossman; Web Security 
> 	|       Subject: Re: [WEB SECURITY] Brute Force authentication attack
> 	|
> 	|
> 	|
> 	|       Hi,
> 	|
> 	|       If you use a very simple captcha, maybe you'll be
> 	|vulnerable to brute force attacks by OCR techniques. 
> 	|
> 	|
> 	|       On 6/30/06, Chris Weber <chris@lookout.net> wrote:
> 	|       > True is that.  Also "Human Interactive Proof" or HIP,
> 	|CAPTCHA being more
> 	|       > common, I think.
> 	|       >
> 	|       > -----Original Message-----
> 	|       > From: Jeremiah Grossman [mailto:jeremiah@whitehatsec.com]
> 	|       > Sent: Friday, June 30, 2006 1:33 PM
> 	|       > To: Web Security
> 	|       > Subject: Re: [WEB SECURITY] Brute Force authentication attack
> 	|       >
> 	|       > We all get those from time to time. :) 
> 	|       >
> 	|       > CAPTCHA
> 	|       > "completely automated public Turing test to tell
> 	|computers and humans apart"
> 	|       >
> 	|       > On Jun 30, 2006, at 10:41 AM, Schmidt, Albert E wrote:
> 	|       >
> 	|       > > I am definitely having a senior moment.  Can
> 	|anybody please tell me
> 	|       > > what it is called when you have to enter a code
> 	|displayed in a picture
> 	|       > > when authenticating?  I know this is a control 
> 	|against brute force
> 	|       > > hacking, but for the life of me I cannot remember
> 	|what it is called.
> 	|       > >
> 	|       > >
> 	
> 	|       > > ----------------------------------------------------------------------------
> 	|       > > The Web Security Mailing List:
> 	|       > > http://www.webappsec.org/lists/websecurity/
> 	|       > >
> 	|       > > The Web Security Mailing List Archives:
> 	|       > > http://www.webappsec.org/lists/websecurity/archive/
> 	|       > > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 	|       > >
> 	|       >
> 	|       >
> 	|       >
> 	|
> 	|
> 	|
> 	|       --
> 	|       Regards,
> 	|
> 	|       skarvin
> 	|       skarvin.blogspot.com <http://skarvin.blogspot.com>
> 	|
> 	|
> 	|
> 	|
> 	|--
> 	|Regards,
> 	|
> 	|Isidro Catalán
> 	|skarvin.blogspot.com
> 	|
> 	
> 	
> 	The information transmitted is intended only for the person or entity to
> 	which it is addressed and may contain confidential and/or privileged
> 	material.  If the reader of this message is not the intended recipient,
> 	you are hereby notified that your access is unauthorized, and any review,
> 	dissemination, distribution or copying of this message including any
> 	attachments is strictly prohibited.   If you are not the intended
> 	recipient, please contact the sender and delete the material from any
> 	computer.
> 	
> 	
> 	
> 
> 
> 
> 
> --
> Regards,
> 
> Isidro Catalán
> skarvin.blogspot.com <http://skarvin.blogspot.com>
> 
