We all hate captchas, so when I saw a new captcha alternative called Qaptcha I was slightly intrigued. Instead of typing in mangled words, you simply slide a slider bar to prove you are human. How simple!
See the demo here.
But the more I looked at it, the more I thought about how it could be easily faked. All it’s doing is requiring a simple action on the client-side which would just call some ajax or something to set a cookie that you’re human. So why can’t a bot just call that javascript?
Turns out this is not secure at all. I posted on stack overflow and someone responded with a hack within a few minutes. Pretty impressive, but also pretty disappointing that it doesn’t accomplish what it’s supposed to.
Leave a Reply