Captcha Security Not Much of a Gotcha

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Just as you've always suspected, those stupid captcha things suck at everything except annoying you. Not to scare you or anything but this guy was able to crack the captcha on Visa's Authorize.net payment site 66% of the time, Blizzard's site 70% of the time and MegaUpload 93% of the time.

Many Captchas don't work well at all. More precisely, the researchers invented a standard way to decode those irksome letters and numbers found in Captchas on many major Web sites, including Visa's Authorize.net, Blizzard, eBay, and Wikipedia.
Click to expand...
 
Thats impressive considering I have a hard time deciphering them myself alot of times.
 
So can we get rid of these stupid things now? I swear, they've gotten so ridiculous with their methods of obfuscation, that I can't even read the damn things anymore.
 
CAPTCHA has been getting worse lately with using mathematical formulas or foreign alphabets such as Arabic, Kanji and Chinese caligraphy. I wonder what's going on with that.
 
I hate CAPTCA. So much that I've started not using websites that give me ridiculous ones. Numbers and foreign symbols? Yeah right, hold on while I pull up the Windows Character Map and figure out the alt-code.
 
captcha is not going to work because of sites that goal is to get p2p to solve it. that way they dont need to solve it in a wait time period using downloading sites.
 
It's even worse for use who can't see well to begin with. And the sound option? Please, that's even harder to decipher.
 
Azhar said:
CAPTCHA has been getting worse lately with using mathematical formulas or foreign alphabets such as Arabic, Kanji and Chinese caligraphy. I wonder what's going on with that.
Click to expand...

I hate it when the CAPTCHAs use foreign languages that I can't even type with an English keyboard.

Arabic being one of the more common ones I've come across. French and Spanish a close second. Chinese and Japanese last.

I've gotten a few mathematical formulas already.

I think the more creative ones I've seen was identifying an object, selecting it, and drag-and-dropping it onto a target box before proceeding. I can live with that instead of trying to discern some cryptic hieroglyphic.
 
A fun trick with captcha on some sites that use two words. One is real and its usually obvious as it looks funky. The second is clearly different and uses punctuation, so you can type whatever you want for that word which goes into some kind of database for them (basically using you as free deciphering labor).

As such, I typically type in something offensive for that word, and it accepts it all the same. :D
 
I was watching this PBS episode a few weeks ago (NOVA maybe), and it had a feature on Luis von Ahn, the 30 year old college professor who invented Recaptcha, and how it had the dual purpose of translating old texts.

I think they were painting it as some sort of wonderful example of crowd-sourcing being used to solve science/history problems, but the whole time I had an urge to throttle the dude, and wondered if he even had a clue how much the average person despises his invention :rolleyes:...
 
Funny how the only two captchas I see regularly are the only two he couldn't decipher, Google and Recaptcha. Funny, and reassuring.
 
Ducman69 said:
A fun trick with captcha on some sites that use two words. One is real and its usually obvious as it looks funky. The second is clearly different and uses punctuation, so you can type whatever you want for that word which goes into some kind of database for them (basically using you as free deciphering labor).

As such, I typically type in something offensive for that word, and it accepts it all the same. :D
Click to expand...
I'm going to have to try that out the next time. :cool:

Captcha is definitely annoying and I wonder if its pros really outweigh the cons. But it's the age-old "security vs. usability" argument, except apparently the security value of Captcha is overhyped.
 
GsdEd.jpg




..And have you ever tried entering a catchpa from a SAMOLED display?

F dat S
 
I hate those fucking things and i have been typing stupid words in all week long. every single time and who cares if a bot is using some of these crap websites anyway.



O also hate people fucking splitting files up for NO REason into 99 million parts, and people who compress crap into stupid formats even when it only saves them 6 MB on the files size it's 20 fucking 11 who gives a fuck if you save 20mb or less.

z7zip useless format, not any better than RAR or normal .zip people need stop using it and doing all the other crap the do to think they save space and they are not.

RAR don't even save any space compared to some Zip files and nobody even looks if it save any space then they use RAR password on it too you have to cracko like they are protecting there pirated contents.
 
octoberasian said:
I hate it when the CAPTCHAs use foreign languages that I can't even type with an English keyboard.

Arabic being one of the more common ones I've come across. French and Spanish a close second. Chinese and Japanese last.

I've gotten a few mathematical formulas already.

I think the more creative ones I've seen was identifying an object, selecting it, and drag-and-dropping it onto a target box before proceeding. I can live with that instead of trying to discern some cryptic hieroglyphic.
Click to expand...
The ones I've seen using foreign characters (accents and umlauts) don't actually care if it's the correct character or the English character.

In fact, I've had some CAPTCHAs that let me through, even with a typo. >.>
 
Cube said:
I hate those fucking things and i have been typing stupid words in all week long. every single time and who cares if a bot is using some of these crap websites anyway.



O also hate people fucking splitting files up for NO REason into 99 million parts, and people who compress crap into stupid formats even when it only saves them 6 MB on the files size it's 20 fucking 11 who gives a fuck if you save 20mb or less.

z7zip useless format, not any better than RAR or normal .zip people need stop using it and doing all the other crap the do to think they save space and they are not.

RAR don't even save any space compared to some Zip files and nobody even looks if it save any space then they use RAR password on it too you have to cracko like they are protecting there pirated contents.
Click to expand...

Solution: stop uh, downloading Linux distributions.
 
There was a story a while back about a group that beat captchas by routing them to a free porn site.
Users accessing the porn were solving other sites' captchas. I thought that was extremely clever crowdsourcing.
 
Cube said:
O also hate people fucking splitting files up for NO REason into 99 million parts,
Click to expand...
More parts has something to do with getting more points. The more files you upload on some of those sites the more download points you get. Its biased on file count not size so people do this.

Cube said:
z7zip useless format, not any better than RAR or normal .zip people need stop using it and doing all the other crap the do to think they save space and they are not.
Click to expand...
Screw .zip, i use .rar for everything, have for a while. Mostly because the winrar is 'free'. No nag screens on the right click menu -> extract option so I always use that. It also allows you to specify cut size which I do have to do at times. 7z can freck off.

Cube said:
then they use RAR password on it too you have to cracko like they are protecting there pirated contents.
Click to expand...
They do this because they are probably uploading something that breaks the download site's ToS. Putting a password on it prevents their staff/bots from looking at the files inside and possibly pulling the file.
 
Gah forgot to add something on topic to my last post.

I have yet to see one of those things use non roman letters/numbers. Haven't really seen any even use symbols either. I have seen the math ones recently tho but they seam to be rare.

Captcha, the only thing more annoying than Age Gate's.
 
sorry doodz, you might hate them but they are here to stay.
certainly motivated people can easily hack them, but that is the 1%
the other 99% are lazy scumbags who will write automated scripts to exploit your site if you don't have them.
 
I didnt mind Captcha until they started putting a squigly line through the words. Now I find it very hard to read them because I have bad eyesight.
 
Here at university (RIT) there is work being done where they are making video based captchas where you have to give a description of the video in a few select words out of many.
 
All I have to say, is put the other shoe on. Try keeping these bots OUT of your site or network and realise they have to do something to stem the flow. What would you have them do? Not have the site accessible? It is like anything else, a55hats out there are ruining it for the rest of us. I didnt see many comments on how bot makers are the idiots out there, just complaining about the measures used to TRY to defeat them.
 
Instead of using Captcha, wouldn't it be more effective against computers and easier for users for some sort of scheme like the following?

Write out the sum of two plus 3. Capitalize the first and last letters only.
Answer: FivE

And just randomize one-digit numbers (both spelled out and written as a number) for the request. I should patent that. :cool:
 
beowulf7 said:
Instead of using Captcha, wouldn't it be more effective against computers and easier for users for some sort of scheme like the following?

Write out the sum of two plus 3. Capitalize the first and last letters only.
Answer: FivE

And just randomize one-digit numbers (both spelled out and written as a number) for the request. I should patent that. :cool:
Click to expand...

good theory but most people can barely follow any types of instructions, and if someone was going to write a script, it would be easy to reload your page 100 times and see what possible iterations there are for the questions you ask.
 
We might as well come up with a good way to identify humans now.

Were going to need it after the machines rise.
 
jiminator said:
good theory but most people can barely follow any types of instructions, and if someone was going to write a script, it would be easy to reload your page 100 times and see what possible iterations there are for the questions you ask.
Click to expand...
Yeah, I agree that most people don't follow instructions well, but I figure that simple math problem should be easier for most compared to trying to decipher the hieroglyphics known as Captcha.

About the iterations, yeah, one could try to determine the pattern, depending on how random the numbers are, but 1 out of 20 or 1 out of 100 of the bots getting through is still a lot better than the 65% or whatever success rates they're defeating Captcha on.
 
beowulf7 said:
About the iterations, yeah, one could try to determine the pattern, depending on how random the numbers are, but 1 out of 20 or 1 out of 100 of the bots getting through is still a lot better than the 65% or whatever success rates they're defeating Captcha on.
Click to expand...
Once you know the question format, problems like that are absolutely trivial. Anyone capable of writing a Captcha-defeating OCR algorithm could solve this in five minutes, with a 100% success rate. The only reason Captchas like this are of any use is because no one using them is a worthwhile spam target.

Re the 65% success rate, that was only for one specific site. The success rate against reCaptcha - the one you've probably run into more than all the others combined - was 0%.
 
Azhar said:
CAPTCHA has been getting worse lately with using mathematical formulas or foreign alphabets such as Arabic, Kanji and Chinese caligraphy. I wonder what's going on with that.
Click to expand...
reCaptcha works by showing you words that Google Books' OCR software has failed to identify (so it stands to reason that the spammers can't decipher them either, plus they get the added bonus of having us work at it for free). Of course, sometimes the reason they can't resolve it to an English word is that it isn't one...
 
You must log in or register to reply here.
Back
Top