Tuesday, March 11, 2008

Word verification ....

This one comes from a video download site. It is a first-step "no-no" for word verification; you would find it as the first "Don't" in any book of word verification steps.

What is word verification:
Word verification is the term for verifying a word that is displayed to the user, most commonly in an image. Users are asked to type the string shown in the image, and the server checks whether the input is correct.

Why word verification:
It is used to stop a hacker (only until we come up with an algorithm to identify the word in the image) from writing automation code to create accounts in bulk, a task that can leave the server overloaded or out of accounts. It is a common practice used across many sites.

Screen shot asking for word verification:

What's wrong with this one:
This site asks for word verification and, to reduce server traffic (I guess), it also sends the correct string in the same packet. When I saw it yesterday, you could view the correct string in the page source code.

Code is displayed in page source:
However, that is fixed today: when you view the page source, it is downloaded from the server again and displays an incorrect string (the page source is actually fake). But if you capture the packet, you can get the actual word. So you can still get the word and write an automated script to overload the server with fake download requests.
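The way out of this flaw is to keep the expected string on the server and send the browser only an opaque token. The sketch below is an added example, not code from the site or from this post; the class, field names, alphabet and 120-second lifetime are assumptions, and the leaky variant is included for contrast.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed value)
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters


class CaptchaStore:
    """Keeps expected answers on the server, keyed by an opaque random token."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}  # token -> (answer, expiry)
        self._clock = clock

    def issue(self):
        """Create a challenge. Returns (client_payload, answer_for_renderer)."""
        answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
        token = secrets.token_urlsafe(16)
        self._pending[token] = (answer, self._clock() + CHALLENGE_TTL)
        # Only the token goes to the browser. The answer is used solely to
        # render the image server-side and never appears in the response.
        return {"captcha_token": token, "image_url": "/captcha/" + token + ".png"}, answer

    def verify(self, token, typed):
        """Single-use check: the challenge is discarded whether or not it passes."""
        entry = self._pending.pop(token, None)
        if entry is None:
            return False  # unknown or already used token
        answer, expiry = entry
        if self._clock() > expiry:
            return False  # challenge expired
        return hmac.compare_digest(answer.encode(), typed.strip().upper().encode())


def issue_leaky(store):
    """The flaw described above: the expected string travels with the page."""
    payload, answer = store.issue()
    payload["expected"] = answer  # readable in page source or a packet capture
    return payload, answer


def leaks_answer(payload, answer):
    """Regression check: does anything sent to the client contain the answer?"""
    return answer in repr(payload)
```

Because `verify` removes the challenge on every attempt, a captured token cannot be replayed and a wrong guess forces a new image.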

Old saying: "Security of whole setup is equal to weakest link in it!"