Analyzing CAPTCHAs

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Tuesday October 5, 2010 @01:32AM from the i-fail-more-than-i-win dept.

Bruce Schneier's blog pointed me to a research paper on "Attacks and Design of Image Recognition CAPTCHAs" (PDF). The abstract says, "We systematically study the design of image recognition CAPTCHAs (IRCs) in this paper. We first review and examine all IRCs schemes known to us and evaluate each scheme against the practical requirements in CAPTCHA applications, particularly in large-scale real-life applications such as Gmail and Hotmail."

17 of 105 comments (clear)

Min score:

Reason:

Sort:

hmm... by radicalpi · 2010-10-05 01:43 · Score: 2, Insightful

I wonder how long until we have no way of distinguishing a bot from a person. existing CAPTCHAs don't work all that well, and I can't see future ones working much better for very long. The Cylons are among us! Any one of us could be one!
1. Re:hmm... by radicalpi · 2010-10-05 01:54 · Score: 2, Funny
  
  Yeah, they're Cylons.
2. Re:hmm... by melikamp · 2010-10-05 02:09 · Score: 4, Funny
  
  It's happening already, I think, with turn-key solutions floating around featuring 20-35% accuracy. I don't have 100%, more like 80% or so, and I am a human.
  OT, but I found a way to make RECAPTCHA entertaining. With two words given, I always just type one of the words, and put "fuck" for the other. The accuracy falls below 50%, but the giggles make it all worthwhile.
3. Re:hmm... by SirKveldulv · 2010-10-05 03:03 · Score: 2, Informative
  
  Yes you can. Costs From $2-7/1000.
4. Re:hmm... by tlhIngan · 2010-10-05 03:36 · Score: 4, Interesting
  
  I wonder how long until we have no way of distinguishing a bot from a person. existing CAPTCHAs don't work all that well, and I can't see future ones working much better for very long. The Cylons are among us! Any one of us could be one!
  Well, CAPTCHAs worked because they relied on vision tests - a skill that humans still do better than computers, but computer vision is already quite advanced. Then the countermeasures came where CAPTCHAs started getting so distorted that it was impossible to determine the code (I remember a forum I signed up for - too more than 15 tries and a cookie reset).
  However, there are still difficult-for-computer-but-easy-on-humans tasks that can be done. I'm surprised no one's yet hooked a way into the Amazon Mechanical Turk or the like. Perhaps a simple one can be where you show a panoramic view along a busy street. Then you ask the question "What is the name of the store at number 763?" Or "What is the street number of ZZZ Supermarkets along this street?". "There is a large group of friends gathered near XXX store. How many people are in the group?"
  Or simpler ones - if your forum or other thing is about a specific topic, ask a question about that topic. Or even self-referential ones. "What of the following will an art thief steal? A) Mona Lisa, B) Big screen HDTV, C) Cellphone, D) Money".
  Might as well advance the state of things like image recognition and natural language queries while we're at it.
Re:PDF warning? by jolyonr · 2010-10-05 01:57 · Score: 2, Funny

And my apologies back to you and the rest of slashdot for using the phrase 'pdf file'
I should know better!

--

Please read my Canon EOS tech blog at http://www.everyothershot.com
Chinese CAPTCHA farms by Anonymous Coward · 2010-10-05 02:03 · Score: 2, Informative

I have a friend that used to bot WoW for a couple years until Blizzard got the law on their side^H^H^H^H^H^H^H^H^H^H^H^H^H in their pocket. Turns out he used to redirect bot checking CAPTCHAs to an IRC channel where the paid minions would solve them.
CAPTCHA has been a moot point to me since I witnessed this process occur in real time.
1. Re:Chinese CAPTCHA farms by buck-yar · 2010-10-05 02:10 · Score: 3, Informative
  
  I heard porn sites were require a captcha to view an image, but it was really a redirect from another captcha. So porn surfers were solving captchas for bots.
2. Re:Chinese CAPTCHA farms by clone53421 · 2010-10-05 02:37 · Score: 4, Funny
  
  That works too, especially if you have a good topless site to redirect the captchas toward.
  FTFY.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Re:PDF warning? by Zelkan · 2010-10-05 02:08 · Score: 2, Funny

Sounds like a Freudian slip. Got something to tell us about your love for children?
Re:Why not... by clone53421 · 2010-10-05 02:16 · Score: 2, Insightful

There are only so many such images available for use, and the image library could fairly easily be exhausted and all of the images correctly identified at which point a bot could be used with near-100% accuracy.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Re:Too focused on being perfect by Cro+Magnon · 2010-10-05 02:18 · Score: 3, Insightful

At some point, CAPTCHAs will reach the point where ONLY a bot can get past them.

--
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Re:Too focused on being perfect by clone53421 · 2010-10-05 02:21 · Score: 3, Insightful

Then they’re designed wrong.
You should at least skim over the paper, that’s actually a significant portion of what it’s focused on... finding something that humans are good at and bots are not. As better bots have been written, that may have changed significantly... most present CAPTCHA systems are relatively broken.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Re:Why not... by Rik+Sweeney · 2010-10-05 02:25 · Score: 3, Funny

There are only so many such images available for use
Not if they use images of Lady Gaga

--
Summation 2
Human resources are cheaper by Arty2 · 2010-10-05 03:32 · Score: 2, Insightful

Seriously, what use of are captchas anymore when they pay actual humans to do the dirty work? I got like hundreds of fake users with IPs from India and China in my forums, that sign up just for putting a CEO tailored message and URL in their signature.
I dread Craptcha by GarryFre · 2010-10-05 03:40 · Score: 2, Informative

Have you ever ran into Captcha that claims your response is wrong when its obvious that is is NOT wrong and tried the audio stuff? The audio version is so retarded its disgusting. It usually features two guys with grossly distorted voices uttering what sounds like 14 words of gibberish in some short conversation at the breakneck speed of an auctioneer or bugs bunny on Helium. Not a single word can be understood, and then it asks for the two words in the sentences. The worst I had ever seen of this kind of foolishness was Dev Shack. It sounds like a great site for programming resources but I can never join because I can't get past their defective Captcha. I can't even tell them its broken because the Captcha prevents any such messages from getting through. This is what I call "Craptcha" and this is no Fraudian slop. I used to run into a few like this, but not lately, but when I do, I still get that sick sinking feeling.

--
www.Migrainesoft.com - Computer giving you a headache? We can fix that!
Re:Why not... by ObsessiveMathsFreak · 2010-10-05 04:07 · Score: 2, Insightful

Reverse image searches like TinEye blow this idea out of the water before it's even begun.

--
May the Maths Be with you!