myspace hack

[Ezekiel]

Does anyone know how this "technology" if I can call it that way, is called or where I can find some information (ok lots of information) on how it works....

Trying to prevent brute forcing big sites have this "protection rule", after the Xnth try request an authendication code. An image that you have to type in what you see. I know I'm day dreaming but I want to "kill" the thought that I could find a way to pass through that before giving up the idea.

Anything that can get me started is welcome! Thank you in advance.

I don't quite get what you're saying. You want to know about brute force prevention?

To stop people from brute forcing web logins, websites limit users to around 5 tries before they either: a) are blocked from any more login attempts, or b) have to enter the characters shown in an image captcha.

Generally, image captchas aren't possible to beat. However, if they are poorly generated you could use some sort of OCR (Optical Character Recognition) program to read the image and enter the characters in the image. Most image captchas are designed in a way which only humans can read though.

Another method is to employ hundreds of people in a *rd world country to keep entering the characters they see in image captchas in front of them. I think some spammers are doing this to send email from services like hotmail, but it's far easier to just spoof emails directly. A method like that is nowhere near fast enough to perform a brute force.

Of course, if you find a bug in the authentication mechanism you can bypass captchas completely, but that's unlikely.

[whiteHz]

I don't quite get what you're saying. You want to know about brute force prevention?

It's not your fault, I wrote too little with bad english!

To stop people from brute forcing web logins, websites limit users to around 5 tries before they either: a) are blocked from any more login attempts, or b) have to enter the characters shown in an image captcha.

Generally, image captchas aren't possible to beat. However, if they are poorly generated you could use some sort of OCR (Optical Character Recognition) program to read the image and enter the characters in the image. Most image captchas are designed in a way which only humans can read though.

Another method is to employ hundreds of people in a *rd world country to keep entering the characters they see in image captchas in front of them. I think some spammers are doing this to send email from services like hotmail, but it's far easier to just spoof emails directly. A method like that is nowhere near fast enough to perform a brute force.

Of course, if you find a bug in the authentication mechanism you can bypass captchas completely, but that's unlikely.

You see one mistake that you are doing is believing that everyone is desperatly looking for ways to hack other people's accounts. But it's a completely different story when you try to recover, with not as legitimate ways, your own passwds, and ofcourse when noone but you gets in those accounts! (Or a person that wouldn't fall for cheap tricks). So we exclude trojans, fake pages, and so on... And where does that take us to?
Back to captchas!
Basic questions:
-How do they work? What are the known ways to defeat them? (Can I make one new?!!)
-Can I find the "bug" that you are describing?

The problem is much less complicated now, and goes down to luck! I have a lifetime ahead of me, and I'm not in any hurry!

Final question:
There must be a million people out there looking for holes like this! Is it worth being one?

I hope sharing the thoughts isn't a bad thing. There's a biig distance between theory and act.

Thank you for the information!

[Ezekiel]

-How do they work? What are the known ways to defeat them? (Can I make one new?!!)

They are images generated by a computer which in theory can only be identified by a human. The human has to enter the characters in the image to proceed.

If they are not very good, you can use an OCR program to recognize the characters instead of a human. Usually though only humans can 'decode' them.

-Can I find the "bug" that you are describing?

I'm not describing any specific bug - i'm just saying that if the web application has flaws, you could find ways around using the captcha. This is unlikely.

Final question:
There must be a million people out there looking for holes like this! Is it worth being one?

If you are intelligent and a fast learner? Yes.

If you are at or below average intelligence, forget it. There are millions of people learning about computer security these days and it takes more than a smile to get to the top. In other words if you are not smart, you have no place learning about computers.