Making CAPTCHAs Even Harder With 3-D Models

← Back to Stories (view on slashdot.org)

Making CAPTCHAs Even Harder With 3-D Models

Posted by timothy on Monday January 31, 2005 @12:01PM from the now-what-is-the-man-doing-with-the-rabbit dept.

Michael G. Kaplan writes "CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) are commonly used to prevent computers from filling out web forms. Computer vision experts have been able to design programs to foil CAPTCHA with a high degree of success. I have designed a CAPTCHA that is based on the identification of attributes contained in an image generated by the grouping of easily recognized 3-D objects. I call this the Virtual Photographic CAPTCHA and it is likely to remain invulnerable to automated attack for many years to come. A novel anti-spam system necessitated its development."

7 of 326 comments (clear)

Min score:

Reason:

Sort:

Implementing CAPTCHAs with PHP by shiflett · 2005-01-31 12:03 · Score: 5, Informative

PHP developers might find this article useful:

http://phpsec.org/articles/2005/text-captcha.html
I don't like it already by A+beautiful+mind · 2005-01-31 12:09 · Score: 4, Informative

Check the last sentence on his page.

"Patents pending."

Tyvm, but no.

--
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
1. Re:I don't like it already by graywolf001 · 2005-01-31 15:03 · Score: 2, Informative
  
  No. Its more complicated than that.
  
  A patent only grants the right to exclude others from practicing the invention and does not affirmatively grant the right to practice the invention, a patent is not considered a monopoly right.
  IBM, for instance recently opened 500 pantents for OS developers.
  Read their pledge. They agree not to assert any of their patents.
  
  It is true though, that a lot of open source advocates are fervently against patents. And Michael G. Kaplan might after all, decide to charge for this ISACS thing. But, I repeat, just because its patented doesn't mean it cannot be open sourced.
The "real" Virtual Photographic CAPTCHA link by Anonymous Coward · 2005-01-31 12:17 · Score: 1, Informative

Here is a description of the actual"Virtual Photographic CPATCHA" system, with pictures. Why this wasn't included in the original post, we'll never know. (Oh wait - maybe it was to prevent a slashdotting. Oh well.)
*blows whistle* Five-minute major... by kapella · 2005-01-31 12:39 · Score: 4, Informative

...for not understanding core principles of Ethernet.

Although it's tangential to the topic, you can't "ban by MAC addresses". Not unless you're on the same ethernet segment as the attacker. Try it the next time you've got access to a few machines separated by at least one router. Ping from two different machines to a third on another network and run tcpdump to inspect the MAC addresses on the packets. Let me know how it turns out. (hint: they'll have the MAC address of the router)
Re:Heh... by farnz · 2005-01-31 13:10 · Score: 3, Informative

Only works if the originator has a globally unique MAC address. Think dial-up modems, point to point links, private systems using administrator defined addresses (UML hosts for example)...

--
I appear to have a blog. Odd.
Re:Took a long time by js7a · 2005-01-31 14:49 · Score: 2, Informative

Also, someone should tell the guy that semicolons are not allowed inside email addresses.