Saturday, January 19, 2008

Defeating Math Antispam Protection Plugin for Wordpress

Via SecuriTeam -

The plugin Math Anti-spam consists of "a simple equation you must be able to solve in order to enter comments to a post. The equation is displayed as an image in a randomized color, font and position. As an alternative to the image, by clicking on the image you download an audio mp3 clip that reads the equation for you". This audio clip always uses the same voice, with no random distortion or any other obfuscation applied.

The following illustrates how the Math Anti-spam mechanism can be easily subverted by performing file comparison on the audio files.
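An added illustration, not code from the advisory or from the plugin: a toy model of the weakness described above. TOKEN_CLIPS, render_fixed, render_jittered and is_deterministic are all constructed here; the check is the kind of regression test a plugin author can run to confirm that the same equation no longer produces byte-identical audio.

```python
import hashlib
import random

# Constructed stand-in for per-token speech clips: one recorded voice maps each
# digit or operator to the same samples every time, so each token is a fixed
# byte pattern here. (Assumption: the real plugin serves mp3 clips; bytes suffice.)
TOKEN_CLIPS = {tok: bytes([i] * 8) for i, tok in enumerate("0123456789+-*=?")}


def render_fixed(equation):
    """Deterministic renderer: concatenate the fixed clip for each token."""
    return b"".join(TOKEN_CLIPS[tok] for tok in equation if tok != " ")


def render_jittered(equation, rng):
    """Randomised renderer: same clips, but a random amount of leading silence
    and per-sample jitter, so two renders of one equation differ byte-for-byte.
    Randomisation is necessary to stop file comparison; it is not by itself a
    guarantee against more capable audio recognition."""
    silence = bytes(rng.randint(1, 16))          # that many zero bytes
    body = bytearray(render_fixed(equation))
    for i in range(len(body)):
        body[i] = (body[i] + rng.randint(0, 3)) & 0xFF
    return silence + bytes(body)


def is_deterministic(render, equations, trials=3):
    """Render every equation `trials` times. Return True if any equation ever
    yields byte-identical audio twice, which is what makes comparison work."""
    for eq in equations:
        digests = {hashlib.sha256(render(eq)).hexdigest() for _ in range(trials)}
        if len(digests) < trials:
            return True
    return False


if __name__ == "__main__":
    eqs = ["3+4=?", "7-2=?"]
    rng = random.Random()
    print("fixed clips deterministic:", is_deterministic(render_fixed, eqs))
    print("jittered deterministic:",
          is_deterministic(lambda e: render_jittered(e, rng), eqs))
```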

Credit: The information has been provided by Jose Palazon (a.k.a. palako).

The original article can be found at:
http://docs.google.com/View?docid=df36cd52_19xzmkwqcg

2 comments:

  1. Thanks to Jose for pointing this out to me before he made it public. This has now been addressed in the newest version of the plugin.

    http://www.theblog.ca/peter-forum?forum=5&topic=66&page=1&post=262

  2. Thanks for the update pkthree. CAPTCHAs, like most other things in security, are always a cat & mouse game.