[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Gmail and SSL

Subject: Gmail and SSL
From: rsk at gsp.org (Rich Kulawiec)
Date: Mon, 31 Dec 2012 06:44:34 -0500
In-reply-to: <CAAAwwbWXUNQKo24mHH+qyC=0uZYAzV3WqrpERg3dmCjCy0fEyg@mail.gmail.com>
References: <CAAAwwbXrT=30++48N8UAas1DpcKWZ8dAe8fgWyeaB3zR00eJ9g@mail.gmail.com> <[email protected]> <CAAAwwbWXUNQKo24mHH+qyC=0uZYAzV3WqrpERg3dmCjCy0fEyg@mail.gmail.com>

On Sun, Dec 30, 2012 at 10:26:36PM -0600, Jimmy Hess wrote:
> These CA's will normally require interactions be done through a web
> site, there will often be captchas or other methods involved in
> applying for a certificate that are difficult to automate.

You're kidding, right?  Captchas have been quite, quite thoroughly beaten
for some time now.  See, among others:

	http://www.physorg.com/news/2011-11-stanford-outsmart-captcha-codes.html
	http://cintruder.sourceforge.net/
	http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/
	http://arstechnica.com/news.ars/post/20080415-gone-in-60-seconds-spambot-cracks-livehotmail-captcha.html
	http://www.troyhunt.com/2012/01/breaking-captcha-with-automated-humans.html
	http://it.slashdot.org/article.pl?sid=08/10/14/1442213

---rsk

References:
- Gmail and SSL
  - From: mysidia at gmail.com (Jimmy Hess)
- Gmail and SSL
  - From: johnl at iecc.com (John Levine)
- Gmail and SSL
  - From: mysidia at gmail.com (Jimmy Hess)

Prev by Date: Gmail and SSL
Next by Date: Gmail and SSL
Previous by thread: Gmail and SSL
Next by thread: Gmail and SSL
Index(es):
- Date
- Thread