Note: Nilesh's weblog is accessible to all versions of every browser. However, this browser may not support basic Web standards, preventing the display of our site's design details. We support the mission of the Web Standards Project in the campaign encouraging Internet users to upgrade their browsers. (Read More)

Nilesh's Weblog

«« Indibloggies 2004 | Main | Even in a cabinet meeting »»

Defeating CAPTCHAs

December 9, 2004 02:31 PM


If you have commented on Yazad's or Madman's weblogs, you must have noticed the small images with numbers in them. Called CAPTCHAs, they literally expand to Completely Automated Public Turing test to tell Computers and Humans Apart. As you may have guessed it, they help in keeping software bots at bay, in web applications. In case of weblogs, they help in blocking automated comment spamming tools.

The most popular CAPTCHAs are the ones which display an image with distorted text and expect the human reader to read the text and enter it in a textbox. The assumption is an automated bot wouldn't be in a position to identify distorted text in the image. Then there are those which ask the user to hear to a short audio clip of distorted voice and write what was said in the audio clip.

Aren't they secure enough? No, they are not. Computer researchers at UCB have developed a program which can solve "ez-gimpy" (from captcha.net) with 92% accuracy. Spammers have devised unique ways of cracking CAPTCHAs. Someone designed a software robot that would fill out a registration form and, when confronted with a CAPTCHA test, would post it on a free porn site. Visitors to the porn site would be asked to complete the test before they could view more pornography, and the software robot would use their answer to complete the e-mail registration.

Isn't that incredible? The easiest way to bypass CAPTCHAs — software bots using humans to do their work! So what could be the next solution? The answer is logic puzzles. You can present a simple problem to the user in the form of 3 + 5 = ?. Software bots will have to be very advanced in parsing text and figuring out the problem and then figuring out the solution for the problem.



Comments

1 comment has been added. Add your comments.

1. Sachin Nair said...

It's interesting how these computer programs operate bordering sometimes on the insane. Its still more interesting to find people who would think up of ways to get past the walls every blogger sets up to get past spam!

Am pretty sure that logic puzzles might work but deifnitely only to the extent till spam bots become advanced enough.

There has to be some other way!! ..

on Dec 15, 02:53 PM | link to this comment


Your Comments
* Please do not put off-topic comments. We reserve right to delete them at our discretion. You can post anonymously. If you are unable to see your posted comment immediately, it may have been queued for moderation. So do not submit it again. HTML formatting is allowed (only a, b, i, br, p, strong, em, ul, li & blockquote are allowed). Do not put paragraph tags. They are automatically inserted.

Name


Email


Homepage


Comments (required)


Remember Me??







nilesh.org
© 2000-2003. Nilesh Chaudhari (mail AT nilesh.org)