[cryptography] CAPTCHA as a Security System?
johnl at iecc.com
Mon Jan 2 14:44:05 EST 2012
>The reason I ask is Wiseguy Tickets Inc and their gaming of
>Ticketmaster's CAPTCHA system to buy tickets . Eventually, Wiseguy
>Tickets was indicted, and the indictment included a an assertion,
>"[Wiseguy Tickets Inc] defeated online ticket vendors' security
>mechanisms" . I'm not convinced CAPTCHA is a security system, and I
>definitely don't consider it a system to protect multi-million dollar
Law is not software. Ticketmaster's CAPTCHA is a security system in
the sense that it is obviously meant to keep out robo-purchasers. It
doesn't matter that CAPTCHAs are not impossible to defeat, it matters
that any reasonable person can understand what's going on.
To draw a rough analogy, if I'm arrested for breaking into your house,
it is not a defense that I couldn't have done it if you had a stronger
lock on the door.
More information about the cryptography