Slashdot Mirror

← Back to Stories (view on slashdot.org)

ReCAPTCHA.net Now Vulnerable to Algorithmic Attack

Posted by timothy on from the bless-you! dept.

n3ond4x writes "reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration of random reCAPTCHA.net CAPTCHAs being subjected to the algorithms." There's probably an excellent Firefox plugin to render this page's color scheme more bearable. Note: the PowerPoint presentation linked opens fine in OpenOffice, and the video speaks for itself.

7 of 251 comments (clear)

  1. Human Success? by Anonymous Coward · · Score: 5, Insightful

    So what is the average human success rate? I think mine is only about 50%

  2. Hmm by Tailhook · · Score: 5, Funny

    Should I run the DEFCON presenter's giant SWF or not?

    o_O

    --
    Maw! Fire up the karma burner!
  3. Re:Bad Hacking by Dhalka226 · · Score: 5, Insightful

    No one benefits from reCAPTCHA being broken. No one.

    Spammers.

  4. Re:Bad Hacking by maxume · · Score: 5, Insightful

    Actually, it could be of use to reCAPTCHA, they can just pass their test words through this system before they make them public and then use the output to help prevent similar attacks.

    --
    Nerd rage is the funniest rage.
  5. Re:far from it by hydrofix · · Score: 5, Informative

    Since both words need to be correct "solve the current CAPTCHA at an efficacy of 1%" would be closer to the truth.

    Actually, that is incorrect. The other word is already positively known by the OCR, and serves as a control, while the other is the one that the OCR could not read. It will of course only check the one that it knowns, and assumes the other one is then correct as well. So, if you get one of the words correct AND this is the same word that as their OCR identified correctly (which is very likely the case), then you pass, but most of the time (99%) give a bad answer for the harder, non-OCR word. Sadly, this leads to pollution of their database in the long run.

  6. Re:Bad Hacking by sbayless · · Score: 5, Insightful

    No one benefits from reCAPTCHA being broken. No one

    You couldn't be more wrong. Sure, breaking reCAPTCHA would create a headache for website admins (including me, for example), but in order to break reCAPTCHA someone has to devise a better text recognition program. And that's great news! This is an example of a general side effect of the cat and mouse game that are captchas. Captcha's are a simple form of Turing Test, where website admins are trying to determine who is a computer and who is a real human being. Every time a captcha gets broken, we get a sophisticated new algorithm for doing something that previously only humans could do (or only humans could do well, at least).

  7. Re:My eye's... by hairyfeet · · Score: 5, Funny

    You young ones and your complaining. "Ohhh the colors suck" SO WHAT! You don't remember when the Internet was invaded by those dual demons from hell, Geocities and Comet Cursors! Now THAT was torture buddy! YOU try dealing with a page that looks like it was designed by Unicorns on a crack binge, while having a fricking pocketwatch suddenly appear and hang from your cursor like a ball of snot on a string, all while having your shotgunned modems drug down to 300 baud land thanks to a bazillion puke inspiring GIFs spinning all out of time!

    Now THAT is real suffering kid! /wanders off muttering/

    --
    ACs don't waste your time replying, your posts are never seen by me.