Damn Spam!

The Death of CAPTCHAs?

   

CAPTCHAs, for those not familiar with the acronym, are those little images of distorted words or letters that you have to type in on some sites in order to register as a user or post a comment. The idea is that only a human could read those, while a spambot, even with the help of OCR, could not.

There has been some heated debate about CAPTCHAs ever since they became commonplace. They are obviously not for people with bad or no eyesight - and even people with good eyesight often have problems deciphering them. Plus, there have already been reports of CAPTCHAs being overcome, either because of bad implementations (the first incarnation for the popular phpBB forum software was such a case) or simply by hiring cheap labour to break them manually.

Now, did you check the email spam you have been getting lately? In order to defeat the Bayesian spam filters, more and more spam is being hidden in images instead of the actual email's message text. The spam filters responded to this by applying OCR to those images and the spammers in turn responded with distorted images. In other words, the (email) spammers are now using methods that have been developed to keep the (comment) spammers out. Nice.

And now, in an even more ironic twist, the anti-spammers may even help the spammers, since the makers of spam filters are looking into ways to machine-process, i.e. read, those distorted images.

In other words: Expect CAPTCHAs to become worthless soon.


Here's what others have to say about 'The Death of CAPTCHAs?':

Damn Spam! - Decline of spam? You wish!
Tracked on Saturday, December 08 2007 @ 20:44 CET

Greetings from Pakistan - Damn Spam!
[...] to Siemens Pakistan. That may be a coincidence, of course. Anyway, all this is just one more nail in the coffin of CAPTCHAs ... [...]
Tracked on Saturday, December 06 2008 @ 09:41 CET

The Death of CAPTCHAs? | 9 comments
Just to prove my point

Yahoo CAPTCHA Hacked (Slashdot). It also points out that it's not really necessary to completely break a CAPTCHA:

It's not necessary to achieve high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when attacker is able to run 100,000 tries per day

100,000 tries are easily done when you control a medium-sized botnet.

Authored by: Dirk on Wednesday, January 30 2008 @ 10:04 CET
Just sayin' ...
Authored by: Dirk on Wednesday, February 27 2008 @ 11:09 CET
And another one ...
Authored by: Dirk on Wednesday, April 16 2008 @ 10:27 CEST
More of the same

Deciphering the PHP-Nuke Captcha. Note the "with 100% accuracy" ...

And it doesn't look much better for audio CAPTCHAs: Deciphering the Simple Machine's Forum audio Captcha

Authored by: Dirk on Monday, April 21 2008 @ 21:15 CEST
No, audio CAPTCHAs aren't going to stop anyone
Authored by: Dirk on Friday, May 02 2008 @ 17:41 CEST
The Death of CAPTCHAs?

And then there's always the option to hire some low-paid workers to break the CAPTCHAs for you: Inside India’s CAPTCHA solving economy.

Authored by: Dirk on Saturday, August 30 2008 @ 22:03 CEST
Amazon, too

Alternatively, you can use Amazon's "Mechanical Turk".

Authored by: Dirk on Tuesday, September 02 2008 @ 07:59 CEST
More broken CAPTCHAs

Reports via Slashdot here and here. The first one is probably a duplicate of an earlier story (this being Slashdot after all ...).

The second one is more interesting. The infamous spam software "XRumer" now comes with CAPTCHA breakers built-in (or rather, with more advanced ones, since it could do that for a while). Including, so they claim, the ability to break CAPTCHAs that are based purely on images ("spot the cat").

I think this quote from the discussion sums it up nicely:

Soon, the only thing that will be able to read a CAPTCHA will be automated spam bots. The new CAPTCHA test will be: "If you can read this CAPTCHA, you are a spammer."
Authored by: Dirk on Thursday, October 02 2008 @ 21:18 CEST
How to solve CAPTCHAs in JavaScript

Interesting: A CAPTCHA solver, written entirely in JavaScript(!).

Authored by: Dirk on Saturday, January 24 2009 @ 18:14 CET

Copyright © 2013 Damn Spam! Powered by Geeklog