Google Security Technology

Google ReCAPTCHA Cracked

stormdesign writes "Despite denials from Google, a security researcher continues to assert that the Search King's reCAPTCHA system for protecting Web sites from spammers can be successfully exploited by Internet junk mail panderers."

  • by Anonymous Coward on Tuesday January 11, 2011 @10:53AM (#34835488)

    FTA:

    Researcher Jonathan Wilkins published a paper recently that included an analysis of reCAPTCHA’s security. In automated attacks he conducted against the system, he reported he had an alarming success rate of 17.5 percent.

    Well, last year someone showed at DEFCON that he could solve the reCAPTCHA CAPTCHAs with an efficacy of 30% already [slashdot.org].

    So how is this news? Am I missing something?

  • by derfy ( 172944 ) on Tuesday January 11, 2011 @10:56AM (#34835522) Homepage Journal

    ...last year.

    Google reCAPTCHA cracked
    Written by John P Mello Jr on January 5, 2010

  • End of reCAPTCHA? (Score:3, Informative)

    by deains ( 1726012 ) on Tuesday January 11, 2011 @10:56AM (#34835538)
    As much as it's nice to know reCAPTCHA is working towards a good cause (digitising old books, if you live under a rock or something), the amount of times I've got incomprehensible gibberish from it makes me rather unsympathetic towards their cause. It'd be nice to think there was some better way of keeping spam out, but I guess with developer laziness and Google's endless crusade to rule the Internet we'll be stuck trying to decipher nonsense from the 1900s for a good while yet.
  • by prxp ( 1023979 ) on Tuesday January 11, 2011 @10:57AM (#34835550)
    Really old news. The guy's paper is dated 2009. It might be possible that Google hasn't acted on it yet, but it is the same thing from one year ago. Sensationalism mode detected!
  • by Anonymous Coward on Tuesday January 11, 2011 @11:09AM (#34835658)

    The trouble with this (and less funny image suggestions) is that the "CA" in "CAPTCHA" stands for "Completely Automated".

    CAPTCHAs work as a sort of AI hash function: it's easy for a computer to generate, but hard for one to solve. Using images for tests like "what position is this", or, more realistically, "is this a cat or dog" violates that principle: Creating the CAPTCHA is just as much work as it is to solve! On top of that, the finite availability of images allows for a database attack. Even having 5-10% of the images known makes the CAPTCHA fairly useless.

    One possible future, though, is rendered images. So, for example, have a creature creator generate a dog and cat then ask which one's bigger. There are a few discussions/papers on the topic (e.g. at least one suggests determining which object is in front of another). The point is though, that using photos is a dead end. There are too few and/or it's too difficult to determine the correct answer.

  • Re:Captcha ZDR .... (Score:5, Informative)

    by isilrion ( 814117 ) on Tuesday January 11, 2011 @11:54AM (#34836116)

    With reCaptcha, you don't have to successfully OCR the scanned word, just the control word. Usually they are indistinguishable by sight (you don't know which one is the control word), but I've seen reCaptcha instances where one word is clear and the other one is unreadable. In these cases, you can type the control word correctly and just write some gibberish for the other, and you'll beat the captcha.

    Which means that the spammer won't have to OCR the hardest of the words... just the simpler one. Run the OCR to the full text, post both words, and if the simpler one matches, you broke the captcha.

    (I make it sound so easy! It really isn't! I'm amazed that they did break it! I just wanted to point out that it isn't "OCR words that haven't been OCRd before", rather than "OCR words that have been OCRd previously and are now a bit distorted".)

  • Re:Captcha ZDR .... (Score:3, Informative)

    by thejynxed ( 831517 ) on Tuesday January 11, 2011 @01:36PM (#34837478)

    Another fun trick is how easy it is to catch spambots by using "invisible" form fields. Bots are too "stupid" to negotiate around these traps. They fill in those fields just like they do the visible ones, allowing you, the site operator, to instantly bin their nonsense to /dev/null with scripts and ban their IP addresses.
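
Added example, not part of the thread or written by any commenter: a server-side sketch of the hidden-field trap described in the comment above. The decoy field name `website`, the form markup, the `screen_submission` helper and the sample submissions are all assumptions made for illustration.

```python
from urllib.parse import parse_qs

HONEYPOT = "website"  # hypothetical decoy name, plausible enough that bots fill it

# Form served to clients. The decoy is hidden with CSS and kept out of the tab
# order and autofill, so a person using a browser submits it empty.
FORM_HTML = f"""<form method="post" action="/comment">
  <input name="name"> <textarea name="comment"></textarea>
  <div style="position:absolute;left:-9999px" aria-hidden="true">
    <input name="{HONEYPOT}" tabindex="-1" autocomplete="off">
  </div>
  <button>Post</button>
</form>"""

banned_ips = set()


def screen_submission(body: str, client_ip: str) -> str:
    """Return 'accept', 'reject' or 'ban' for a urlencoded POST body."""
    if client_ip in banned_ips:
        return "ban"
    # keep_blank_values: an empty decoy must still be reported as present.
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT not in fields:
        # Request was not built from our form (browsers send empty inputs):
        # drop it, but do not ban on this signal alone.
        return "reject"
    if any(value.strip() for value in fields[HONEYPOT]):
        banned_ips.add(client_ip)  # decoy was filled in: automated client
        return "ban"
    return "accept"


# Constructed sample submissions (documentation-range IP addresses).
SAMPLES = [
    ("name=Ann&comment=Nice+post&website=", "192.0.2.10"),
    ("name=x&comment=buy+pills&website=http%3A%2F%2Fspam.example", "198.51.100.7"),
    ("name=x&comment=second+try&website=", "198.51.100.7"),
    ("name=y&comment=no+decoy", "203.0.113.5"),
]

if __name__ == "__main__":
    for body, ip in SAMPLES:
        print(ip, screen_submission(body, ip))
```

An IP ban also blocks everyone else behind the same NAT or proxy address, so in practice the ban set would carry an expiry.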
