Making CAPTCHAs Even Harder With 3-D Models

Michael G. Kaplan writes "CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) are commonly used to prevent computers from filling out web forms. Computer vision experts have been able to design programs to foil CAPTCHA with a high degree of success. I have designed a CAPTCHA that is based on the identification of attributes contained in an image generated by the grouping of easily recognized 3-D objects. I call this the Virtual Photographic CAPTCHA and it is likely to remain invulnerable to automated attack for many years to come. A novel anti-spam system necessitated its development."

Implementing CAPTCHAs with PHP

[shiflett]

PHP developers might find this article useful:

http://phpsec.org/articles/2005/text-captcha.html

I don't like it already

[A+beautiful+mind]

Check the last sentence on his page.

"Patents pending."

Tyvm, but no.

*blows whistle* Five-minute major...

[kapella]

...for not understanding core principles of Ethernet.

Although it's tangential to the topic, you can't "ban by MAC addresses". Not unless you're on the same ethernet segment as the attacker. Try it the next time you've got access to a few machines separated by at least one router. Ping from two different machines to a third on another network and run tcpdump to inspect the MAC addresses on the packets. Let me know how it turns out. (hint: they'll have the MAC address of the router)

Re:Heh...

[farnz]

Only works if the originator has a globally unique MAC address. Think dial-up modems, point to point links, private systems using administrator defined addresses (UML hosts for example)...