Silk Road forums

Discussion => Newbie discussion => Topic started by: forumuser001 on May 16, 2013, 02:40 am

Title: Captcha Security
Post by: forumuser001 on May 16, 2013, 02:40 am
With the increased attention to "digital currency", DOS attacks, SR blackouts and now M7G0X/Dw0!!a investigation, reflection is in order.  I learned about the last event through mainstream media and immediately went to the site  only to find out that I was sending login credentials to a white page (I am not a crook...but fear and loathing set in immediately as I considered what happens to login information submitted to a seized site).   I have not directly used the BC services company in dispute but it should be the duty of any company claiming to provide anonymous services to admit defeat and provide as much warning to its customers in such an event.  Announcements to non-affiliated boards is one method.  The captcha has the potential for  bi-directional validation.  If a user has a short list of unique captcha's associated to their account, they can be instructed to never login if a foreign captcha is presented.  This provides the random verification required for site admin but also a warning system to the user.  This would also apply to spoofing attempts.  A conscientious administrator could establish a procedure to discretely offset captcha assignment at a moments notice or pass info to specific user/groups via the captcha.  ...Just thinking on the fly here but typing login info to a site of questionable status is never a good place to be.