HackDig : Dig high-quality web security articles for hacker

OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass

What is CAPTCHA? CAPTCHA is an acronym for “Computer Automated Public Turing test to tell Computers and Humans apart”. It is used to determine whether or not the user is human. Many times, a CAPTCHA is an image. A human has to solve it using the challenge response system. A human can usually read it without too much difficulty. Figure below is an example of
Publish At:2017-05-04 13:36 | Read:3552 | Comments:0 | Tags:News Automation CAPTCHA CAPTCHA Bypass Insufficient Attack P

Making CAPTCHAs Expensive Again: If You’re Using Text-Based CAPTCHAs, You’re Doing It Wrong

CAPTCHAs – these things: A human creation built to foil robots. However, as is ever so common these days, the robots are winning. But! it doesn’t have to be that way. The first CAPTCHAs were created in 2000, and most every CAPTCHA since has remained virtually the same. This becomes problematic when thinking about CAPTCHAs in the context of being security appl
Publish At:2017-03-13 16:15 | Read:3072 | Comments:0 | Tags:Featured Articles Security Awareness application CAPTCHA Mac

It’s easy to fool CAPTCHA

CAPTCHA: humans vs. computers On some websites, you may have noticed that you are prevented from continuing your visit or purchase until you solve a puzzle of obscure letters or pictures. After staring at a few squiggly lines, deciphering the words, and typing the correct word in a blank space, you may finally continue. This process is done to verify that we
Publish At:2016-04-27 19:25 | Read:2870 | Comments:0 | Tags:Internet Security News captcha human computing recaptcha

Researchers devised a reCaptcha breaking system effective against Google and Facebook

A group of boffins discovered vulnerabilities in the reCaptcha systems of Google and Facebook and devised an attack method. The security experts Suphannee Sivakorn, Iasonas Polakis, and Angelos D. Keromytis have devised an attack technique against Facebook and Google reCaptcha. The boffins from the Department of Computer Science at Columbia University have d
Publish At:2016-04-11 18:30 | Read:3349 | Comments:0 | Tags:Breaking News Hacking Security CAPTCHA reCaptcha breaking sy

CloudFlare considers 94 percent of the Tor traffic as “per se malicious”

Experts at CloudFlare revealed that 94 percent of the Tor traffic they see is “per se malicious,” but Tor Project opposes it. The experts from the Content delivery network (CDN) CloudFlare revealed that 94 percent of the Tor traffic they ordinarily see is “malicious.” It is not a mystery that Tor is becoming a favored tool of cyber criminals so many websites a
Publish At:2016-04-03 10:05 | Read:3122 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Security anonymity CAPTCH

Malware Capable of Bypassing CAPTCHA Systems Found in Google Play

Security researchers have spotted a sophisticated type of malware that is capable of bypassing CAPTCHA authentication systems in the Google Play Store. According to a blog post written by Bitdefender security researcher Liviu Arsene, the malware, which has been identified as Android.Trojan.MKero.A, seems to have somehow found its way into legitimate apps host
Publish At:2015-09-09 12:10 | Read:2486 | Comments:0 | Tags:Latest Security News BitDefender C&C CAPTCHA Liviu Arsene ma

Security Slice: The CAPTCHA Arms Race

Security researchers recently discovered new Android-based malware that can easily bypass CAPTCHA image-based verification systems. Dubbed the Podec Trojan, the malware’s ultimate goal is to extort money from users by signing them up for premium services. Should you worry about the latest CAPTCHA attacks? Listen to our latest Security Slice podcast and hear Ti
Publish At:2015-04-02 08:20 | Read:1796 | Comments:0 | Tags:Security Slice CAPTCHA malware

‘Podec’ Trojan Bypasses CAPTCHA on Android Phones

Security researchers have uncovered a new Android-based malware that bypasses CAPTCHA image-based verification systems and covertly subscribes users to premium-rate services. In a post published on Securelist, researchers Victor Chebyshev and Nikita Buchka explain how they first came into contact with Trojan-SMS.AndroidOS.Podec last year. They have since inte
Publish At:2015-03-11 23:45 | Read:3202 | Comments:0 | Tags:Latest Security News CAPTCHA malware security

SMS Trojan bypasses CAPTCHA

Late last year, we encountered an SMS Trojan called Trojan-SMS.AndroidOS.Podec which used a very powerful legitimate system to protect itself against analysis and detection. After we removed the protection, we saw a small SMS Trojan with most of its malicious payload still in development. Before long, though, we intercepted a fully-fledged version of Tr
Publish At:2015-03-10 16:05 | Read:7163 | Comments:0 | Tags:Analysis Publications Android CAPTCHA Mobile Malware SMS Tro

#HackerKast 13: Zombie POODLE, TCP/UDP Vulnerabilities, Jailed for XSS

This week Robert was keeping warm by his yule log while Jeremiah was freezing in the Boston snow and I won’t be putting Christmas ornaments in my beard no matter how many of you send me that blog post. To get right into it, we started off by talking about the return of POODLE. For those with short term memory loss, POODLE was a nasty vulnerability dis
Publish At:2014-12-16 23:10 | Read:4666 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

#HackerKast 12: Operation Cleaver, Sony and PayPal Hacks, Google’s Alternative to CAPTCHA

Kicked this week off in the holiday spirit with Robert and Jeremiah hanging out in a festive hotel down in Los Angeles, probably preparing to cause lots of trouble. The first story we touched on was about Operation Cleaver, a report put out by Cylance. This research investigates the movements and threat of one particular pro-Iranian hacking group who was ta
Publish At:2014-12-10 18:40 | Read:3362 | Comments:0 | Tags:Industry Observations Vulnerabilities Web Application Securi

Google No CAPTCHA Simple for Humans, Tough on Bots

Google is getting right to the point with the latest update to its reCAPTCHA authentication system. Rather than have users signing in to an online service try to decipher blurred text, Google has simplified the process by simply asking users whether they’re a bot. One click later, they’re authenticated.
Publish At:2014-12-03 16:35 | Read:2339 | Comments:0 | Tags:Web Security Authentication captcha Google CAPTCHA Google No

GATSO! Speed camera phish leads to CryptoLocker ransomware clone...

Recently, we came across an intriguing phishing campaign that combines two feared products of the information age. Gatsos (speed cameras) and ransomware, rolled into one attack! It all started with a phishing email claiming to be from the Office of State Revenue in New South Wales, Australia. The subject matter is a speeding fine you are alleged to have clocked
Publish At:2014-11-04 01:40 | Read:2579 | Comments:0 | Tags:Cryptography Featured Malware Phishing Ransomware CAPTCHA cr

Thieves Cash Out Rewards, Points Accounts

A number of readers have complained recently about having their Hilton Honors loyalty accounts emptied by cybercrooks. This type of fraud often catches consumers off-guard, but the truth is that the recent spike in fraud against Hilton Honors members is part of a larger trend that’s been worsening for years as more companies offer rewards programs. Man
Publish At:2014-11-03 11:20 | Read:7004 | Comments:0 | Tags:A Little Sunshine The Coming Storm Brendan Brothers CAPTCHA

clipcaptcha – CAPTCHA Service Impersonation Tool

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML conf
Publish At:2014-08-15 09:48 | Read:3871 | Comments:0 | Tags:Hacking Tools Network Hacking Programming CAPTCHA captcha im

