Audio CAPTCHAs Cracked; ReCAPTCHA Remains Strong

Falkkin writes "Ars Technica reports that audio CAPTCHAs consisting of only distorted digits or letters can be easy to crack using machine learning techniques. This includes most of the audio CAPTCHAs currently in use on the Web. The reCAPTCHA team has discussed their new audio CAPTCHA, which is resistant to this attack."

I'm sick fo CATCHA

[theaveng]

It was okay at first, but now it's reached the point where it takes me 3 or 4 tries to finally guess the letters.

It's become more hassle than it's worth. Isn't there a better way to stop bots from getting accounts?

Re:I'm sick fo CATCHA

[LilGuy]

It's almost gotten to the point where it's easier for the bots to guess the letters than for an actual human.

Reverse captcha?

Re:I'm sick fo CATCHA

[uglydog]

trust me, his mom would be down for that. in fact, she handles multiple requests simultaneously. in the true multiple cores way, not the hyperthreading way

Re:I'm sick fo CATCHA

[socsoc]

A method I use is to put an input field with a name like "subject" in a contact form and then hide it via CSS. Then if that field is populated in the form submission, the server side drops the request.

It isn't the most accessible-friendly method in the world, but once I started doing this, all spam submissions dropped out. It's not foolproof and it's just another step in an arms race, but I agree that CAPTCHAs have gotten out of hand. They are especially confusing to people who are not tech savvy and don't know why they are trying to decipher a spirograph drawing in order to do something simple on your website.

Re:I'm sick fo CATCHA

[X0563511]

Well, kudos for using CSS instead of javascript to hide it.

Re:I'm sick fo CATCHA

[greatgregg]

This only works for small sites. Certainly the Yahoos and Googles of the world can't rely on something that can be broken with 2 minutes of hacking.

Re:I'm sick fo CATCHA

I'm trying to figure out what that translates to, but it's making my head hurt. So hyperthreading means she is "emulating" multiple "interfaces" with just one... Ow.

BTW, CAPTHCA for this post? "Receptor".

Screen capture

[Dan+East]

I'm half afraid to admit this publicly, but did anyone else try clicking the "play" button on screenshot of the audio CAPTCHA player in the first article? I took me a few tries before I realized it was only an image.

Solution to AI research?

[ashp]

They should just make a CAPTCHA that requires strong AI to crack; we could make a great leap ahead in AI by letting the spammers solve all the problems for us!

RECAPTCHA

[EddyPearson]

People crack CAPTCHAs for profit. They either sell the algorithms to spammers or spam themselves.

The thing is, if you managed to reliably crack RECAPTCHA, then you've succeeded where all the best OCR software on the market has failed (All Recaptcha's are words that couldn't be deciphered by existing software). At which point there's big bucks to be made legally selling the software.

Re:Give it up already

[compro01]

Banning that way doesn't work real well when you consider dynamic IPs, distributed attacks (bot nets), proxies, etc.

Unless you're willing to ban at least a third of the world, you're not going to get much out of that.

Audio requred by law

[tepples]

In my crystal ball I see some fool who does not turn off the sound on the PC in an office.

By law, offices of companies over a certain size must accommodate people whose disability requires sound to do their jobs.

Unfortunately, history has shown that many people also still have digital camera's that make the *click* noise

By law, camera phones must make the click noise when operated within some countries to help fight voyeurism.

Re:Audio requred by law

[Waffle+Iron]

By law, camera phones must make the click noise when operated within some countries to help fight voyeurism.

That's a great idea. However, we need a law for video cameras, too.

I propose that by law, each video camera must be equipped with a prominent hand crank, and shall only record while the crank is being turned. Furthermore, as added protection, people with video cameras must wear a beret and carry a conical megaphone at all times while operating said device.

Re:REPATCHA strong?

If you get it wrong, they'll temporarily start sending you captchas in which both words are known. The chances of a bot guessing both words correctly are minuscule.

Back to Old School Methods of Verification

[Ron+Bennett]

Captchas are user unfriendly and relatively ineffective.

A more effective route is to require a new user to submit their postal address and a phone number. Then the service mails a post card containing a verification code to the postal address and/or calls the phone number. Google does this for AdSense publishers.

Ron

Re:Why are CAPTCHAs so stupid?

[fuzzyfuzzyfungus]

The tricky bit with CAPTCHA is not just asking questions that are easy for humans and hard for AI. There is a huge field of well known stuff, common sense, basic knowledge, etc, etc. that would work. The problem is asking questions that are easy for AI to ask, easy for humans to answer and hard for AI to answer.

If you have to manually populate your CAPTCHA, you have a problem. It costs just about as much(in money and time) to manually document a set of CAPTCHA questions as it would to build the set. If you can't generate questions automatically, your CAPTCHA will be expensive, or useless, or both. RECAPTCHA is interesting in that is a something of a hybrid. It makes use of real world complexity, from scanned documents; but largely automates the conversion of real world complexity into CAPTCHAs, which makes it fairly practical to use at a large scale.

Re:hell

[numbsafari]

You're probably a bot.

Re:hell

[Lobster+Quadrille]

Don't know what your problem is- I'm a perl script and I understood it just fine.