These days we don't hear too much from Digg's old nemesis: KoolAidGuy, this for me is no coincidence, Digg upgraded its word verification interface, you know the letters contained in an image for you to type down, it is used for user creation and story submissions.
The new system is really easy on the eyes and includes twisted characters with spaces in between, here is a comparison:
The new system is really easy on the eyes and includes twisted characters with spaces in between, here is a comparison:
Old system:
New System:
In my opinion the previous system was exploited transforming the image to black and white and then feeding the resultant image to an OCR that takes jpeg files. This returned the string of characters needed as a confirmation token. All the process of creating users and posting phony stories or comments could be automated once this roadblock was blasted.
There was also a chance for a pattern to exist and be taken advantage of, I remember writing the same text for different posts. Having a set of known words and images with a combination of trial and error could lead to successful entry. Curiously some of the words in the previous system were misspelled on purpose, as you may see on the example above the word is college with a capital "C" instead of an "e"
Another option includes installing Diggs's word verification system and map every image to its size and its word key, maybe the previous system was based on an open source application or an application you could try free for some days.
Other theory could involve exploiting a possible relation between the name of the image file and the string it contains but that seems a little far fetched but you never know.
Maybe there was a backdoor that required no word verification to register users or post stories and comments and that hole was patched
So far the current "state of the art" with Digg's security seems to be working and it will remain that way till it can be breached again, as everything in life nothing is forever.
Unless we hear from KoolAidGuy again this example shows how a simple fix can solve a problem that seems complex and would need a lot of work, in the words of H.L. Mencken (1880-1956):
"For every complex problem, there is a solution that is simple, neat, and wrong."
I welcome any idea or comment that could enhance this post.
Bonlebon
