Damn Spam!

The Death of CAPTCHAs?

   

CAPTCHAs, for those not familiar with the acronym, are those little images of distorted words or letters that you have to type in on some sites in order to register as a user or post a comment. The idea is that only a human could read those, while a spambot, even with the help of OCR, could not.

There has been heated debate about CAPTCHAs ever since they became commonplace. They are obviously not for people with bad or no eyesight, and even people with good eyesight often have problems deciphering them. Plus, there have already been reports of CAPTCHAs being overcome, either because of bad implementations (the first incarnation for the popular phpBB forum software was such a case) or simply by hiring cheap labour to break them manually.

Now, did you check the email spam you have been getting lately? In order to defeat the Bayesian spam filters, more and more spam is being hidden in images instead of the actual email's message text. The spam filters responded to this by applying OCR to those images and the spammers in turn responded with distorted images. In other words, the (email) spammers are now using methods that have been developed to keep the (comment) spammers out. Nice.

And now, in an even more ironic twist, the anti-spammers may even help the spammers, since the makers of spam filters are looking into ways to machine-process, i.e. read, those distorted images.

In other words: Expect CAPTCHAs to become worthless soon.


Here's what others have to say about 'The Death of CAPTCHAs?':

Damn Spam! - Decline of spam? You wish!
Tracked on Saturday, December 08 2007 @ 20:44 CET

The Death of CAPTCHAs? | 5 comments
Just to prove my point

Yahoo CAPTCHA Hacked (Slashdot). It also points out that it's not really necessary to completely break a CAPTCHA:

It's not necessary to achieve high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when attacker is able to run 100,000 tries per day

100,000 tries are easily done when you control a medium-sized botnet.

Authored by: Dirk on Wednesday, January 30 2008 @ 10:04 CET
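
The 15% figure quoted above has a defensive corollary: a solver that is right 15% of the time is wrong 85% of the time, and that shows in the site-wide CAPTCHA failure rate even when the tries are spread over so many addresses that no per-IP limit fires. The following is an added example, not part of the original comment or of any CAPTCHA product; the events are constructed and the 10% human failure baseline, the thresholds and the function names are assumptions.

```python
from collections import Counter


def make_events():
    """Constructed sample: (source_ip, solved) CAPTCHA checks in one time window."""
    events = []
    # 40 human visitors, one attempt each; 2 of them mistype the CAPTCHA.
    for i in range(40):
        events.append((f"198.51.100.{i}", i >= 2))
    # 100 botnet hosts, 2 attempts each; the solver is right 15% of the time
    # (30 of 200 attempts succeed).
    for n in range(200):
        events.append((f"203.0.113.{n % 100}", n < 30))
    return events


def per_ip_offenders(events, max_failures=5):
    """Classic per-client lockout: addresses with more than max_failures failures."""
    fails = Counter(ip for ip, ok in events if not ok)
    return sorted(ip for ip, count in fails.items() if count > max_failures)


def site_failure_rate(events):
    """Share of all CAPTCHA checks in the window that failed."""
    return sum(1 for _, ok in events if not ok) / len(events)


def window_is_suspicious(events, baseline=0.10, factor=3.0, min_events=100):
    """Flag the window when the aggregate failure rate is far above the
    assumed human baseline. min_events avoids alerting on tiny samples."""
    if len(events) < min_events:
        return False
    return site_failure_rate(events) > baseline * factor


if __name__ == "__main__":
    ev = make_events()
    print("per-IP offenders:", per_ip_offenders(ev))
    print("site failure rate: %.2f" % site_failure_rate(ev))
    print("window suspicious:", window_is_suspicious(ev))
```

An alert like this only says that automated solving is under way; it does not stop the 15% that get through, so it is a trigger for tightening registration or posting, not a replacement for the CAPTCHA.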
Just sayin' ...
Authored by: Dirk on Wednesday, February 27 2008 @ 11:09 CET
And another one ...
Authored by: Dirk on Wednesday, April 16 2008 @ 10:27 CEST
More of the same

Deciphering the PHP-Nuke Captcha. Note the "with 100% accuracy" ...

And it doesn't look much better for audio CAPTCHAs: Deciphering the Simple Machine's Forum audio Captcha

Authored by: Dirk on Monday, April 21 2008 @ 21:15 CEST
No, audio CAPTCHAs aren't going to stop anyone
Authored by: Dirk on Friday, May 02 2008 @ 17:41 CEST

Copyright © 2008 Damn Spam! Powered By Geeklog