|
|
|
|
|
|
by sika_grr
3098 days ago
|
|
|
> Even if reCAPTCHA was perfect, a hacker could manually validate their usernames of interest by trying to sign up, then automate an attack on the sign in page. Why is imperfect reCAPTCHA worthless? Do sign up pages even allow brute forcing of usernames (once validated)? Is he suggesting to fix sign up pages, or to allow brute forcing usernames on login? His writing style is dramatic, but the arguments are very weak. |
|
|