Quick Security Alerts for the Week Ending 3/4/2012

One Reply to “Quick Security Alerts for the Week Ending 3/4/2012”

  1. Ooh, I like the idea of this spamtrap alternative to painful Captchas:
    The Hidden-Field Scam
    The Web site’s creator makes a tempting-sounding text box labeled something like “E-mail address”—and then makes it invisible, using CSS (cascading style sheets) coding. Humans will never see that box, and will leave it empty; software bots will fill it in.

    Or from http://www.sitepoint.com/captcha-alternatives/
    6. Detect the presence of JavaScript

    If your page can run JavaScript, you can be almost certain it has been loaded in a browser by a human user. A simple in-page dynamically generated JavaScript function could perform a simple calculation or create a checksum for the posted data. This can be passed back in a form value for verification.

    An estimated 10% of people have JavaScript disabled, so further checks will be necessary in those situations.

    7. Show a verification page or fail the first posting attempt

    Bots have a tough time reacting to a server response. If you are in any doubt about the validity of a post, show an intermediary page asking the user to confirm their data and press submit again.

