Defeating Audio Captcha Systems

Jose Palazon sent us an advisory he wrote, which allows defeating a WordPress antispam plugin named “Peter’s Math AntiSpam spinoff”.

I think this is one of the first practical audio captcha hacks I’ve seen. Very cool actually, nice one Jose.

Now, back to the details…

Here’s another spin-off of Peter’s Custom Anti-Spam Image for WordPress that will generate math anti-spam equations as images instead of custom anti-spam images….

The goal of this spin-off plugin is to further fool spambots somewhat by combining the “make them answer a math equation” and “make them read an image” ideas. This plugin aims to keep the readability of the Custom Anti-Spam version, as well as other features like random fonts and colours.

Jose’s research demonstrates practical pseudocode to attack this plugin. I’m not going to try to summarise it; just read the paper. In short, spammers are going to have a BBQ with your blog.

Solution? Use an alternate AntiSpam plugin like Akismet or BlogSec’s SpamBam.
