Slashdot Mirror


ReCAPTCHA.net Now Vulnerable to Algorithmic Attack

n3ond4x writes "reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration of random reCAPTCHA.net CAPTCHAs being subjected to the algorithms." There's probably an excellent Firefox plugin to render this page's color scheme more bearable. Note: the PowerPoint presentation linked opens fine in OpenOffice, and the video speaks for itself.

18 of 251 comments

  1. Human Success? by Anonymous Coward · · Score: 5, Insightful

    So what is the average human success rate? I think mine is only about 50%

  2. Re:Speaking about re-captcha by icebraining · · Score: 4, Informative

    Currently, we are helping to digitize old editions of the New York Times and books from Google Books.

    http://www.google.com/recaptcha/learnmore

  3. Hmm by Tailhook · · Score: 5, Funny

    Should I run the DEFCON presenter's giant SWF or not?

    o_O

    --
    Maw! Fire up the karma burner!
  4. Bad Hacking by pz · · Score: 4, Insightful

    Why would anyone want to do this? It's like attacking the UN peacekeeping troops or the Red Cross. reCAPTCHA is doing good work, digitizing scanned printed books so that the text can be made available for online searching. Breaking reCAPTCHA is like defecating in the village well, ensuring that everyone suffers. No one benefits from reCAPTCHA being broken. No one.

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
    1. Re:Bad Hacking by Dhalka226 · · Score: 5, Insightful

      No one benefits from reCAPTCHA being broken. No one.

      Spammers.

    2. Re:Bad Hacking by maxume · · Score: 5, Insightful

      Actually, it could be of use to reCAPTCHA, they can just pass their test words through this system before they make them public and then use the output to help prevent similar attacks.

      --
      Nerd rage is the funniest rage.
    3. Re:Bad Hacking by Flyne · · Score: 4, Insightful

      The problem of breaking reCAPTCHA is precisely the same problem as increasing computer OCR abilities, since reCAPTCHA by design uses words which current OCR abilities are inadequate for. This is a good thing for AI and computer vision and text digitization.

    4. Re:Bad Hacking by sbayless · · Score: 5, Insightful

      No one benefits from reCAPTCHA being broken. No one

      You couldn't be more wrong. Sure, breaking reCAPTCHA would create a headache for website admins (including me, for example), but in order to break reCAPTCHA someone has to devise a better text recognition program. And that's great news! This is an example of a general side effect of the cat and mouse game that is captchas. Captchas are a simple form of Turing Test, where website admins are trying to determine who is a computer and who is a real human being. Every time a captcha gets broken, we get a sophisticated new algorithm for doing something that previously only humans could do (or only humans could do well, at least).

  5. Re:colours by electrostatic · · Score: 4, Informative

    "...an excellent Firefox plugin to render this page's color scheme more bearable."

    Yep. Color Toggle

    https://addons.mozilla.org/en-US/firefox/addon/9408/

    I have it set so Ctl-Shift-Z sets a light yellow background, black text, and blue links.

  6. Re:Offtopic by Anonymous Coward · · Score: 4, Informative

    No, Firefox addons used to be called extensions, plugins are still plugins.

  7. Re:My eyes! by SomeJoel · · Score: 4, Funny

    Did you not learn when I explained this yesterday? The quote is: "My eyes! The goggles do nothing!". There is no "they", nor is there any bad pronunciation. Indeed, it is correctly articulated and enunciated, with an accent.

    Easy there champ, nobody appreciates a Family Guy nerd correcting everyone's quotes.

    --
    <Complete your profile by adding a signature!>
  8. Is this related? by Khyber · · Score: 4, Interesting

    Anybody that pays attention to 4chan recently knows they had to implement captcha due to a massive spamflood of infected morons. recaptcha got busted thanks to someone in /g/ who leaked the vulnerability in the sound system for reCAPTCHA, and the whole site was again inundated with spam, though not to the degree as the original spam attack.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  9. Re:Speaking about re-captcha by imsabbel · · Score: 4, Interesting

    Hm.
    So it's for-profit work for the biggest advertising firm in the world.
    Sort of expected project gutenberg or something.
    Too bad.

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  10. Re:far from it by hydrofix · · Score: 5, Informative

    Since both words need to be correct "solve the current CAPTCHA at an efficacy of 1%" would be closer to the truth.

    Actually, that is incorrect. The other word is already positively known by the OCR, and serves as a control, while the other is the one that the OCR could not read. It will of course only check the one that it knows, and assumes the other one is then correct as well. So, if you get one of the words correct AND this is the same word that their OCR identified correctly (which is very likely the case), then you pass, but most of the time (99%) give a bad answer for the harder, non-OCR word. Sadly, this leads to pollution of their database in the long run.

  11. Re:My eyes! by SomeJoel · · Score: 4, Funny

    Judging from the other replies, meta-humor is a little hard for you guys...

    It works wonders though. For instance, the next time someone is talking about "the force" or jedis and such, tell them "Get a life, Star Trek sucks!". You'll find the reaction much more interesting than if you correctly identify the franchise.

    --
    <Complete your profile by adding a signature!>
  12. Re:My eye's... by Peach+Rings · · Score: 4, Funny

    You know a hacker is hard core when his site is monochrome in a monospace font, and he saves his files as straight up docx.

  13. Re:far from it by Jorl17 · · Score: 4, Informative

    This is not informative. As many have said. If you read: http://www.google.com/recaptcha/learnmore , you'll get it.

    Here is the deal: reCAPTCHA presents two words. One is picked by it and is previously known. The other one is a word from a book that has been scanned. Said word is unknown to the reCAPTCHA system. When the user enters both words, reCAPTCHA checks to see if the known word has been properly recognized. If that is the case, then reCAPTCHA can assume that a human is answering. Given that a human is answering, then the second unknown word given by the human is most likely correct, because he/she will be able to recognize it as well. Using this system, reCAPTCHA works as a CAPTCHA (spam prevention) mechanism and also helps transform old books/papers into digital format, such as the New York Times.

    So, in practice, only one word has to be correct -- the word that reCAPTCHA knows. What's sad is that bots may contribute incorrect second words...

    Next time, get informed before going all crazy.

    And here is the relevant info, quoted from the aforementioned website:

    reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly. But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

    --
    Have you heard about SoylentNews?
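
The control-word grading described in the comment above, together with the multi-reader agreement step from the quoted reCAPTCHA text, modelled as an added example (not part of the thread and not reCAPTCHA's own code). The function names, the vote thresholds and the sample submissions are assumptions constructed for illustration.

```python
from collections import Counter

def normalize(word):
    return word.strip().lower()

def passes_control(submission, control_pos, control_answer):
    """Only the known word is graded; the unknown word cannot be checked."""
    return normalize(submission[control_pos]) == normalize(control_answer)

def collect_votes(submissions, control_pos, control_answer):
    """Keep the unknown-word guess from every submission that passed the control."""
    unknown_pos = 1 - control_pos
    return [normalize(s[unknown_pos]) for s in submissions
            if passes_control(s, control_pos, control_answer)]

def consensus(votes, min_votes=3, min_share=0.5):
    """Accept a transcription only when enough answers agree.
    min_votes and min_share are assumed values, not reCAPTCHA's."""
    if len(votes) < min_votes:
        return None
    word, count = Counter(votes).most_common(1)[0]
    return word if count / len(votes) >= min_share else None

# Constructed submissions for one challenge: position 0 is the control word
# "morning", position 1 is the scanned word the OCR could not read.
SUBMISSIONS = [
    ("morning", "upon"),    # human
    ("morning", "upon"),    # human
    ("Morning", "upon "),   # human, sloppy typing
    ("morning", "uqon"),    # automated solver: control right, unknown wrong
    ("mourning", "upon"),   # control wrong, so the guess is discarded
    ("morning", "npon"),    # automated solver: control right, unknown wrong
]

def demo():
    votes = collect_votes(SUBMISSIONS, 0, "morning")
    mixed = consensus(votes)                           # humans outvote the noise
    solver_only = consensus(["uqon", "npon", "upom"])  # no agreement, rejected
    return votes, mixed, solver_only

if __name__ == "__main__":
    print(demo())
```

Wrong guesses from automated solvers still enter the vote pool, which is the pollution both commenters point out; the agreement threshold is what keeps scattered wrong answers from being stored as the transcription.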
  14. Re:My eye's... by hairyfeet · · Score: 5, Funny

    You young ones and your complaining. "Ohhh the colors suck" SO WHAT! You don't remember when the Internet was invaded by those dual demons from hell, Geocities and Comet Cursors! Now THAT was torture buddy! YOU try dealing with a page that looks like it was designed by Unicorns on a crack binge, while having a fricking pocketwatch suddenly appear and hang from your cursor like a ball of snot on a string, all while having your shotgunned modems drug down to 300 baud land thanks to a bazillion puke inspiring GIFs spinning all out of time!

    Now THAT is real suffering kid! /wanders off muttering/

    --
    ACs don't waste your time replying, your posts are never seen by me.