Slashdot Mirror
Now Google's CAPTCHA Is Broken
steveit_is writes "Yesterday it was reported that Microsoft's revised CAPTCHA had been cracked. Now it's Google's turn. In a move that is sure to surprise no one, the spammers behind 'Xrumer' have announced that they've not only cracked Google's CAPTCHA, but other forms of image verification as well, including 'pick the cat' style CAPTCHA."
"To continue, guess which finger I'm holding up."
I've got all the email addresses I want so lets just consider the internet closed to new entrants. I know it sounds draconian but I think we should build a great big firewall around the internet to stop all these illegal immigrants^H^H^H^H^spammers getting in.
Either that or can we just turn a blind eye while Google DDoSes every server associated with these people into oblivion.
An Eye for an Eye will make the whole world blind - Gandhi
... you've got to admit that it's one hell of an achievement.
THE HONOUR OF THE KNIGHTS - CC Licensed Sci-Fi Novel
Announcing that one has cracked something and actually having cracked that something are two different things. Folks like these are not the most trustworthy sources, especially for their own exploits - er, "sploits".
If you want news from today, you have to come back tomorrow.
1. Make the proof for P=NP the new CAPTCHA
2. Wait for crackers to solve it.
3. Profit!!
The grass is always greener on the other side of the light cone.
I've had a few 'pick the cat' captchas where I couldn't even identify if the thing was actually supposed to be a cat!
This guy's the limit!
Google has become a key enabler in spams and scams, because it's so easy to create GMail accounts in bulk. Many sites block email addresses from Hotmail and AOL, because they're mostly either spammers or losers. GMail once had a better reputation, because it was launched as an "exclusive" service. But we're getting close to the point where probably time to start blocking GMail addresses too.
Want to see a GMail scammer in action right now? Read this.
Because they are defrauding Google, Spamming US citizens and generally running a muck. That's what jails for for.
Yeah, jail all those muck-runners! (what is a 'muck'?)
This guy's the limit!
Maybe instead of CAPCHA's sites should start using those math problems from DARPA's really hard math problems since these people seem to be so good at solving complex computational problems.
They probably should be, honestly. However, why not be thankful that the opposition is being open about their abilities to crack security? Obviously, a CAPTCHA system isn't going to work for the future; we should be developing a new methodology for verification.
OK can someone pleas hire these guys to work on handwriting recognition software? If they can ready these bizarrely twisted captchas why can't Palm read my name?
501 Not Implemented
aren't these guys in jail?
I think the real question is: why are these people not working in research institutes? Image recognition is a hard problem. It's baffling that someone with that kind of talent would be working for spammers instead of in a tenured university position.
You (but mainly parent poster) might be interested to know that the word is actually "amok" which is defined as a "psychic disturbance characterized by depression followed by a manic urge to murder."
Indeed, this is what it means to "run amok." Also refer to the classic Looney Tunes clip, "Duck Amok."
hmmm... this is either Informative or Off-Topic. Guess I'll leave that to the moderators to decide.
sig has been sent away for a few small repairs...
Being a criminal has excellent hours. And the job interview is easy. You never have to worry about being fired, laid off, etc, and you are responsible for your own paychecks. It's kind of like being a contractor, with the added benefit that you can choose your customers whether your customers are happy about it or not (usually not).
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
How about the Death Penalty for anyone who suggests the Death Penalty for anything besided truly heinous crimes? Oh, no, I just ate my tail.
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
It's baffling that someone with that kind of talent would be working for spammers instead of in a tenured university position.
Not when you consider how much professors make vs. how much spammers who can beat captchas can make. Hint: if you find a quick way to factor semiprimes, don't snag $1 million from the Clay Institute. Reap $1 billion from credit cards. If you can easily toss aside ethics.
Incidentally, I was just reading Douglas Hofstadter's Metamagical Themas, where he goes in great depth talking about the difficulty of defining the letter "A", and how people are capable of recognizing A's in truly bizarre fonts. (And how it carries over to native readers of Chinese and defining Chinese characters.) He pursuasively argues that ability to recognize any 'A', including all the bizarre fonts with 'A' is AI-complete (though of course he didn't use that term). So it seems there's quite a ways to go in making captchas harder: don't just distort the image; use the craziest fonts you can.
Information theory is life. The rest is just the KL divergence.
It's baffling that someone with that kind of talent would be working for spammers instead of in a tenured university position.
Why $pammer$ in$tead of $chool? I$ that really your que$tion? $omehow, I think you might have mi$$ed the mo$t obviou$ motivation.
HSJ$$*&#^!#+++ATH0
NO CARRIER
Why should we believe this any more than we believe a cream can add two inches to your penis?
Possible bad example. Shaving cream along with a razor actually can add visible inches to a man's penis by taking pubic hair out of the way.
Another benefit is that the drug tests aren't "Have you?" they are "How much do you want?"
From TFA:
This time those evil Russian bastards..
That would be why.
What does being born out of wedlock have to do with it?
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Killing people is wrong. Comparing people to pests is something that the Nazis liked to do, with the same intention: to pave the way for killing people.
What if Godwin's Law carried the Death Penalty?
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
"I think the real question is: why are these people not working in research institutes? Image recognition is a hard problem. It's baffling that someone with that kind of talent would be working for spammers instead of in a tenured university position."
So, I have a Ph.D. and know how to write this kind of software (well, I know how to go about writing this kind of software and have done it for other domains). Here's why I'm not working at a research institute or pursing a tenured university position:
First off, research institutes don't really exist anymore. There are a few corporate labs left, but they all focus on medium term product development (5 years out). The national labs still exist, but they're managed like businesses now and it's more difficult to do pure research at them. University "institutes" are just glorified research labs. If you're not the PI, you're either a post-doc, grad student, or tech, none of which is a viable long-term career option.
To get tenure, you have to spend 4-8 years working non-stop writing grants to fund students to do research so you can build up a publication record that impresses the tenure committee. Note that grants and pubs are both necessary: grants show you can bring money into the university, publications get the approval of the committee members outside your domain who only know how to assess research abilities by impact factors.
During this time, all your research is done by graduate students, who are often at the beginning of the careers and have limited technical abilities. They may be brilliant, but they are not the most efficient workers. So, not only do you have to publish, but your labor pool consists of people with 1-3 years experience.
Before tenure, you'll also only pull in about $60-90k/yr (and I know two very smart people who worked for free their first year as "visiting professors" just to get their foot in the door). At the end of this, if you don't get tenure, you're unemployable until you build up some marketable skills.
Contrast this with industry positions. While you don't get to work on whatever you want, there are some very interesting problems out there if you take your time to find a good position. At work, you're hired to do a job, not chase down funding, so you can spend more time working on the fun stuff. The hours are reasonable, so you have time in the evenings for other projects/hobbies (you don't have free time in academia). If you're selective in your employer, you'll also work with people with a broad range of experience and skills. You'll also make more money. And, if you're good and publish from time to time, you can get a tenured position later in life without having to go through the tenure process.
Of course, if you're evil, you can also find work breaking CAPTCHAs and building bot nets.
Note that though this sounds bitter, I'm not... I had a blast going back to school and highly recommend it to people mid-career (hint: go to the mid-west where it's cheap to live and your quality-of-life will remain about the same). But, modern academic environments just don't present an enticing career path.
-Chris
Well, CAPTCHAs aren't true Turing tests; the goal of the classic Turing test is to force the computer to exhibit human intelligence in a back-and-forth interaction with an actual human. A CAPTCHA presents only a single intelligence-based challenge (recognizing the image). But if the CAPTCHA is considered to be a kind of limited/lazy Turing test, passing it "honestly" would consist of being able to recognize images in general, like a human, not by merely knowing how to solve the limited scope of image-puzzles that the particular CAPTCHA uses. So in that sense, these CAPTCHA-breakers do "cheat" or "break" the test by exploiting that limited scope.
What does Microsoft have to do with it?