Outsmarted: Captcha security not much of a gotcha

Posted on Thursday, November 10, 2011 @ 00:31:03 PST in Security
by Raven

Southern writes:  
A team of Stanford University researchers has bad news to report about Captchas, those often unreadable, always annoying distorted letters that you're required to type in at many a Web site to prove that you're really a human.

Many Captchas don't work well at all. More precisely, the researchers invented a standard way to decode those irksome letters and numbers found in Captchas on many major Web sites, including Visa's Authorize.net, Blizzard, eBay, and Wikipedia. This chart shows how successful Decaptcha was in decoding each Web site's anti-bot mechanism. The column marked "precision" shows the success rate.

This chart shows how successful Decaptcha was in decoding each Web site's anti-bot mechanism. The column labeled "precision" shows the success rate.

Their decoding technique borrows concepts from the field of machine vision, which has developed techniques to control robots by removing noise from images and detecting shapes. The Stanford tool, called Decaptcha, uses these algorithms to clean up the image so it can be split into more readily recognized letters and numbers.

"Most Captchas are designed without proper testing and no usability testing," Elie Bursztein, 31, a postdoctoral researcher at the Stanford Security Laboratory, told CNET yesterday. "We hope our work will push people to be more rigorous in their approach in Captcha design." Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

more: CNET
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 338,941,964
  • Today: 39,882
Server InfoServer Info
  • Oct 18, 2017
  • 01:38 pm PDT
 
 

Daily Inspiration