Clan x86

Technical (Development, Security, etc.) => General Security Information => Topic started by: Blaze on March 05, 2008, 08:50:33 am

Title: CAPTCHA!
Post by: Blaze on March 05, 2008, 08:50:33 am

http://www.codinghorror.com/blog/archives/001067.html

Quote

In November 2007 I called these three CAPTCHA implementations "unbreakable":

Google
(unbreakable)
(http://www.codinghorror.com/blog/images/captcha-decoder-7.png)

Hotmail
(unbreakable)
(http://www.codinghorror.com/blog/images/captcha-decoder-8.png)

Yahoo
(unbreakable)
(http://www.codinghorror.com/blog/images/captcha-decoder-9.png)


08 is shaping up to be a very bad year indeed for CAPTCHAs:

    * Jan 17: InformationWeek reports Yahoo CAPTCHA broken (http://www.informationweek.com/news/showArticle.jhtml?articleID=205900620)
    * Feb 6: Websense reports Hotmail CAPTCHA broken (http://www.websense.com/securitylabs/blog/blog.php?BlogID=171)
    * Feb 22: Websense reports Google CAPTCHA broken (http://www.websense.com/securitylabs/blog/blog.php?BlogID=174)

[More]

Heh, I don't like captchas too much, either, but I agree with him that they're kind of necessary.  So.. now that the best of them are broken, what happens?

Title: Re: CAPTCHA!
Post by: Newby on March 05, 2008, 09:34:16 am

Good riddance to Hotmail. I can hardly read some of those letters. :P

Title: Re: CAPTCHA!
Post by: iago on March 05, 2008, 09:48:29 am

Yeah, CAPTCHAs are a broken paradigm. I'm interested to see what'll come next. :)

Title: Re: CAPTCHA!
Post by: d&q on March 05, 2008, 01:48:43 pm

Hm, it seems to me that all this technology being developed to break CAPTCHAs could be put to very good use...like converting image eBooks to text.

Title: Re: CAPTCHA!
Post by: Newby on March 05, 2008, 04:58:30 pm

Quote from: Deuce on March 05, 2008, 01:48:43 pm

Hm, it seems to me that all this technology being developed to break CAPTCHAs could be put to very good use...like converting image eBooks to text.

Carnegie Mellon did something similar in a project. It presented two CAPTCHA words: one was a CAPTCHA, and the other was a word out of an old physical book, and if the first one registered as correct, the second one was (assumed to be) correct as well, and if the second word was "correct" enough times, it was removed and cycled with another word.

Title: Re: CAPTCHA!
Post by: abc on March 05, 2008, 05:02:52 pm

It'd also be wicked cool if you could just scan a paper, and have it show up on the screen in an editable word document. :)

Title: Re: CAPTCHA!
Post by: Sidoh on March 05, 2008, 05:04:58 pm

Quote from: Dale on March 05, 2008, 05:02:52 pm

It'd also be wicked cool if you could just scan a paper, and have it show up on the screen in an editable word document. :)

http://en.wikipedia.org/wiki/Optical_character_recognition

Title: Re: CAPTCHA!
Post by: Blaze on March 05, 2008, 10:30:22 pm

I've always wanted to work on a CAPTCHA solver, but I haven't had time yet.

Title: Re: CAPTCHA!
Post by: iago on March 05, 2008, 10:49:02 pm

I wrote one once, a really simple one that used some statistical stuff. It worked about 10% of the time on my friend's CAPTCHA, which was enough to win me a free lunch. :D

Title: Re: CAPTCHA!
Post by: Joe on March 06, 2008, 03:22:32 am

Theres no such thing as a free lunch.

Title: Re: CAPTCHA!
Post by: Camel on March 07, 2008, 02:03:04 pm

I'd imagine using a sans-serrif font alone would help to throw a captcha solver.