Tell Me About Yourself: The Malicious CAPTCHA Attack
Citations
182 citations
70 citations
36 citations
Cites background from "Tell Me About Yourself: The Malicio..."
...When a user initiates a registration process in the attacker’s website, the attacker either asks the user to identify herself with her email address or launches another cross-site attack to extract it [14]–[18]....
[...]
...For some websites, the attacker may be able to use crosssite attacks such as cross-site scripting [14], cross-site script inclusion [17], or newer techniques [18], [19] to gather details about the user....
[...]
...[16], [18] users must also be authenticated to the attacked website....
[...]
15 citations
Cites background from "Tell Me About Yourself: The Malicio..."
...Therefore, researchers have proposed a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism to generate a test for the computer to confirm whether the remote user is human automatically [3]....
[...]
14 citations
References
1,155 citations
"Tell Me About Yourself: The Malicio..." refers methods in this paper
...In addition to its basic graphical layout and design that was based on the popular reCAPTCHA [27], our CAPTCHA implementation differed...
[...]
...The ReCAPTCHA project [27] used the text challenge to include images of words that optical character recognition...
[...]
[...]
995 citations
176 citations
Additional excerpts
...known cross-site login detection techniques [6,13,20,26]....
[...]
159 citations
Additional excerpts
...This motivated other defenses against clickjacking [1, 3, 17]....
[...]
159 citations