Slashdot Mirror

← Back to Stories (view on slashdot.org)

Defeating Captcha

Posted by CmdrTaco on from the security-through-irritation dept.

An anonymous reader pointed us at PWNtcha, a package that breaks various on-line captcha algorithms. The site provides numerous examples of easy (Paypal, and an older version of Slashdot make the list) and hard Captcha. It also links various sources explaining why Captcha is a bad idea.

6 of 430 comments (clear)

  1. spammer's low-tech way by Anonymous Coward · · Score: 5, Interesting

    A while ago, I remember hearing about how some spammers whould post the Yahoo Mail (or other free email services) Captchas on the registration forms on pr0n sites. The pr0n registrants would have to fill out the Captcha, but this would then be used by the spammer to get around the Captcha without any fancy software.

  2. Mod parent up by XNormal · · Score: 3, Interesting

    It's a cheap and scaleable method to defeat such algorithms. There will always be enough humans willing to do this for very little reward (some free pics).

    --
    Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
  3. Re:ADA by donnyspi · · Score: 4, Interesting

    Instead of an image based Turing test like Captcha, I just have the last question on a log in screen or form be a randomly selected super easy question. For example, "Spell the number 7" or "What is the next logical number in the sequence 1, 3, 5, 7, ...? Check it out here: http://www.donnyspi.com/contact.php

  4. Interesting flash-based captcha by fahrvergnugen · · Score: 4, Interesting

    I just saw a great flash-based Captcha designed to combat just this sort of attack. The test was composed of white text on a white background. Colored shapes of various sizes swirled in the background behind the text in a pseudo-random pattern, and the text was visible or obfuscated depending on whether there was a shape behind it at the moment. After watching it for a few minutes to see if there were any obvious flaws, I noticed that the entire phrase was never visible all at once.

    A little patience was required, but I was able to verify in less than 10 seconds. Animation seems to be very useful for this kind of application.

    --
    Even Jesus hates listening to Creed.
  5. Easiest way to Defeat Captchas by Bondolo · · Score: 4, Interesting
    1. Put up a "free" pr0n site.
    2. Require visitors to the pr0n site to process a captcha before viewing the pr0n. In reality they are proxy processing a captcha for another site (paypal, hotmail, yahoo, etc.) which they never see.
    3. Profit!

    Captchas are next to useless and for the visually impaired very frustrating. One more of a example of a technology which annoys everyone and yet doesn't really stop the determined miscreant. <cough>airport shoe inspections</cough>

    --
    -- "Most people prefer a popular myth to an unpopular truth"
  6. Re:Old news is no news. :-( by feargal · · Score: 3, Interesting

    The problem with blending images and so on is that blind people still cannot see them.
    This slide demonstrates the problem beautifully, I think.

    With regard to the simple questions, that is indeed what I do, some simple trivia, and some basic maths, and the library is called SimpleQuestions.

    "What colour is the sky?" is actually one of the questions, and the maths question do indeed vary in form, from expression to natural language.

    The problem with the drawing requirement is that you're now blocking people who cannot draw.

    --
    "A goldfish was his muse, eternally amused"