Looking for crackers/hackers.
 

Hey guys. My friend wrote his own verification sequence for his forums and needs hackers/crackers to test the security of it. If you are interested in trying to bypass it, please reply either here or send me a PM.

Thanks!

do we get access to the source code?

No, source code will not be provided.

security through obfuscation is not security.

That's great, but he simply wanted me to ask for people to try and get around it as a normal user would if he wanted to create a spambot. I doubt he'd have access to the source code then.

Out of curiosity, why did your friend write his own code instead of using some freely available spambot proof forum code? Basic rule of thumb is that if you think you're clever and will come up with your own verification / encryption algorithm ... you're not. Tried and true really does tend to be the best option.

That being said: if the algorithm is at all good, publishing it won't diminish the security of the application.

if you can stand up and say, "here is my code, here is how it works, you can't beat it, you can't stop it, you can't disrupt it," only then do you have a good algorithm. if you feel that you have to hide it, there is probably a reason you need to hide it.

I'll summarize what he replied with.

He got a custom script because loopholes are always found in open source software and he didn't want to be exposed to those. His company's PHPBB board has been hacked before. As soon as he removed the line that shows the PHBB version, there hasn't been an attempt to hack it. He says it's a very simple algorithm and that there are no problems within it. What he's looking for is to see if somebody could read the image verification, not bypass it (I guess that was my mistake). And for that, you don't need the source code.

First let me say that I'm sorry it feels like I'm going to help "gang up" on you, when you just want one thing, and everyone's taking a slightly different tact on this question instead of what you actually asked for.

Second, I'd be happy to simply help, if I was any kind of hacker/cracker; but, I'm not.

I'm compelled to add a comment about your friend's possible mis-understanding of open source software. The idea that "loopholes are always found in open source" software indicates either a poor or deliberate mis-understanding of what open source is, and also why mistakes are found in it.

Open source software is not inherently flawed, except in the sense that it's written by human beings. If the software source is found to have flaws, they're known, identified, and fixed. If open source software is thought to have "more errors" than closed source, it's because the flaws in open source are talked about openly. Closed source flaws are not talked about, and often are unknown.

With the same similarly flawed closed-source software; no one identifies flaws and shares them, they are not dealt with. Often, they're only discovered by those exploiting them and kept secret.

Closed-source anything is a bad philosophy which only came about because of an economic system that prized secrecy. It's a foolish system of thought and should go away.

Somewhat generally speaking, anyone who thinks open source software "always has loopholes" is wrong, and is making a public display of how little they know about the subject matter.

The thing is that he's using an older version of PHPBB with very well known exploits that he does not want to be subjected to.

Aye sea.

Word up.

open source has spoiled the children, the thought that openly viewable code somehow makes for better security due to flaw identification and the update that comes afterwards is foolish. While it's true that flaws are found and updated by the public or the creator the time from identification to fix leaves the software knowingly at risk and even after the fix the users of the software are still at risk until they get the patch/update. Closed source is better secured, yes obscurity is good security, so long as it's not forgotten and checked/updated every so often. Put it this way is it better that the whole world knows you keep a spare key to your home under your doormat or if only a few people in the world know? I mean sure if everyone on earth knows your key is under your doormat someone can tell you that you need to get rid of the spare under the doormat but if your at work you have to wait to get home all the meanwhile everyone knows that your key is under the doormat unless you fixed the situation. So is that more secure than just a few people knowing and no one really telling you you shouldn't have it there.