Slashdot Mirror

← Back to Stories (view on slashdot.org)

Defeating Captcha

Posted by CmdrTaco on from the security-through-irritation dept.

An anonymous reader pointed us at PWNtcha, a package that breaks various on-line captcha algorithms. The site provides numerous examples of easy (Paypal, and an older version of Slashdot make the list) and hard Captcha. It also links various sources explaining why Captcha is a bad idea.

4 of 430 comments (clear)

  1. ADA by dnoyeb · · Score: 5, Insightful

    Having a legally blind mother that uses the web, I wonder how captcha complies with the Americans With Disabilities Act (when used by American companies of course)?

    Is it compatible with BLINUX? I think by definition it is not.

    Perhaps I should ask, what alternate method of identification do sights employ to take into account blind users and the ADA?

  2. Consider the problem by ReformedExCon · · Score: 5, Insightful

    The problem is that people are using robots to work in an autonomous manner to find ways around typical human limitations (we can only send several hundred emails a day, robots are not so limited). So people want to stop these "cheater" by making the user prove that they are a human rather than a robot.

    Is this really a good thing, though? Even on a site like Slashdot, in a story about defeating bots, the very first comment in this story is posted by a bot. How ironic is that? What is accomplished by banning users who can't read these "captchas" (what a horrendous fake word)? Nothing, apparently, as the story says. It only serves to annoy legitimate users and does nothing to hamper illegitimate robots.

    The solution is not this sort of halfway measure. The solution is to make it simply not worth the effort to be a nuisance on a discussion forum. I suppose that requires a glut of intelligent posters, but with the entire citizenry of the Internet available, that can't be so hard.

    --
    Jesus saved me from my past. He can save you as well.
    1. Re:Consider the problem by A+beautiful+mind · · Score: 5, Insightful

      "What is accomplished by banning users who can't read these "captchas" (what a horrendous fake word)? Nothing, apparently, as the story says."

      I actually disagree. The captcha method reduces spam load for most sites down to zero. Only the bigger sites need to worry, because spammers may set up a site to specifically target them by rerouting captchas. That's not the case with 99% of the websites using captchas, it's just not worth the effort.

      It's sorta like a copy protection: if it stops 90% of the people, then it's good enough.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
  3. Re:Interesting flash-based captcha by JimmehAH · · Score: 5, Insightful

    You could just write the bot to decompile the .swf file and grab the string (or vector/raster representation of the text) from that.

    Flash is a bad format to use for a CAPTCHA from a security and accessibility point of view.