
Archive for January, 2008

Yahoo! CAPTCHA Cracked

Thursday, January 31st, 2008

What a coincidence: 2 posts in a row on Yahoo!

It was just a matter of time. It is just impossible to automatically create a CAPTCHA that cannot be beaten by another algorithm.

See the claim by these ’security researchers from Russia’ online. Anyhow, CAPTCHA can easily be circumvented by the so-called “relay attack,” where you’re relaying the CAPTCHA through a site where you’ve got enough traffic in order to generate a useful number of CAPTCHA solution events on the fly.

Instead of being tricked into the cat and mouse game, alternatives should be considered. Try scenarios without a CAPTCHA, or consider using reCAPTCHA.

“About 60 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that’s not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? reCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into ‘reading’ books.”

Yahoo Implements OpenID

Saturday, January 26th, 2008

Yahoo announced they will support and integrate OpenID. This is a big push forward for the OpenID project.

OpenID eliminates the need for multiple usernames across different websites, simplifying the online experience. Not only does it make life easier, it also increases overall authentication security for the web applications involved.

Let’s hope the other big online players also include this. To get started using an OpenID, get one at e.g. myopenid. Once you have an OpenID, you can use it at a number of sites.

If you have a Blogger account, you can also use your blog’s URL as an OpenID URL.

It’s dead easy: I just created my OpenID URL at Verisign and published my details to the OpenIDDirectory. I did the latter already signing in with Verisign’s OpenID :-).

BeLux Survey 2007

Thursday, January 24th, 2008

Hi, 

I am doing a yearly chapter survey (see below). I encourage you to do the same: it provides us with valuable feedback in Belgium.

Next time I would love to do it online. Does anybody have experience with http://www.surveymonkey.com/ ? Are there other sites you have done this with? 

Our Survey 2007: In order to make our chapter meetings better, I would like to ask you some questions and get your feedback and suggestions. Please fill in the 6 questions below; I will summarize the results after February 1st.

Q1: Do you consider yourself: 

  1. “New to beginner” on (Web)AppSec topics
  2. “Having some knowledge-experience” on (Web)AppSec topics
  3. “Advanced to expert” on (Web)AppSec topics 

Q2: How many chapter meetings would you like to attend in 2008:

  1. 1
  2. 2
  3. 3
  4. 4

Q3: Will you come to the OWASP AppSec EU conference in Brussels on May 22-23?

  1. Yes
  2. No

Q4: If given some time to prepare a topic, would you consider preparing a session for a chapter meeting:

  1. Yes
  2. No

Q5: What is your opinion of the OWASP events in 2007?

  1. A waste of time
  2. Somewhat interesting, but I will not come anymore
  3. I liked it, and will maybe come to some chapter meetings in 2008
  4. Great! I would recommend it to everybody implicated or interested in (Web)AppSec 

Q6: What would you recommend to make our chapter meetings more interesting for you?

AppSec EU08 and CONFidence 2008

Monday, January 21st, 2008

We are joining forces in Europe :-)

AppSec EU08 is working together with the CONFidence 2008 conference in Poland on OWASP topics. People will also get discounts when going to the other conference.

AppSec Europe in Belgium

Monday, January 21st, 2008

It has been known for some time, but here I want to make it even more official: the OWASP AppSec Conference is coming to Belgium in May.

More details on http://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium

I will be announcing topics and details in the coming weeks and months.

Hope to see you all there!