Presented at
DEF CON 16 (2008),
Aug. 8, 2008, 11 a.m.
(20 minutes).
This presentation will detail two methods of breaking captcha. One uses RainbowCrack to break a visual captcha. The other uses fuzzy logic to break an audio captcha. Both methods are 100% effective. These are real attacks that affect real world software: CVE-2008-2020 CVE-2008-2019. Exploit code is available to the public
Presenters:
-
Michael Brooks
- Security Engineer, Fruition Security
Michael Brooks is a puzzle master. Some people like Sudoku, but Michael likes hacking. Michael is a Computer Science student at Northern Arizona University. Michael has worked in web application development, penetration testing as well as other forms of software quality control. Currently he works in the finical industry for https://www.paythentrade.com/ as a security engineer. Michael has recently started the website: http://www.rooksecurity.com/ . As you can see Michael has published a wide range of real world attacks against web applications.
Exploit code written by Michael:
http://milw0rm.com/author/677
CVE's from Michael:
CVE-2008-2019,CVE-2008-2020,CVE-2008-2043,CVE-2007-6471,CVE-2007-6459,CVE-2007-6458,CVE-2007-0134,CVE-2007-0132,
CVE-2007-0130,CVE-2006-6781,CVE-2006-3208,CVE-2006-3207,CVE-2006-3206,CVE-2006-3205,CVE-2006-3204,CVE-2006-3203.
Links:
Similar Presentations: