If you're talking about the actual file (not file name, which should be random as well), you are correct. I guess they should also sprinkle it with extra dots or colors to make it even more unique.:-D
..downloaded hundreds of thousands of possible CAPTCHA challenges from reCAPTCHA. They identified the file ID of each CAPTCHA challenge and created a database of CAPTCHA "answers" to correspond to each ID. The bot would then identify the file ID of a challenge at Ticketmaster and feed back the corresponding answer."
This was an easy one. Why didn't the developers implement a random ID for each captcha created? For example, if my CAPTCHA system produced "Ableoo", I would put this in a temporary table with a random unique ID. In fact, to make it more secure, I would put a time stamp on it so that it's only active for 1 minute! The next time it produces the same Captcha, it will use a different ID.
Slashdot Mirror
If you're talking about the actual file (not file name, which should be random as well), you are correct. I guess they should also sprinkle it with extra dots or colors to make it even more unique. :-D
..downloaded hundreds of thousands of possible CAPTCHA challenges from reCAPTCHA. They identified the file ID of each CAPTCHA challenge and created a database of CAPTCHA "answers" to correspond to each ID. The bot would then identify the file ID of a challenge at Ticketmaster and feed back the corresponding answer."
This was an easy one. Why didn't the developers implement a random ID for each captcha created? For example, if my CAPTCHA system produced "Ableoo", I would put this in a temporary table with a random unique ID. In fact, to make it more secure, I would put a time stamp on it so that it's only active for 1 minute! The next time it produces the same Captcha, it will use a different ID.