[Full-disclosure] H2HC 2010 Sao Paulo - Capture the Flag



The game this year is entitled Capture the Captcha!

A Captcha is a type of challenge-response test used in computing to
ensure that the response is not generated by a computer. It is a
contrived acronym for "Completely Automated Public Turing test to tell
Computers and Humans Apart."

The process usually involves one computer asking a user to complete a
simple test (Captcha) which the computer is able to generate and grade.
Because other computers are unable to solve the Captcha, any user
entering a correct solution is presumed to be Human.

There are a lot of Captcha implementations out there, written in JSP,
PHP, ASP and .NET, which are very poorly implemented and introduce serious
bugs in the Web applications they are supposed to protect.

We developed 10 different Captcha implementations, each with its own
weakness, for participants to break using automation and hacking
techniques with the objective of bypassing the human verification process.

Teams (or a single participant) are scored on their success in breaking
the security behind every Captcha presented in the game.

This CTC contest is designed to serve as an educational exercise to give
participants experience in securing Web Applications from automated
attacks, as well as conducting and reacting to the sort of Captchas
found in the wild.

The participants will need to register during the conference and the
winner will need to provide full information in order to receive the
major prize: The Nessus Professional Edition from Tenable!

We would like to thank Tenable for providing us the prize and
Bonsai for developing such an interesting game.



Regards,


Rodrigo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


