Gizmodo: captcha

How Well Do You Really Know Your Significant Other?

Adam Frucci — Fri, 04 Sep 2009 14:45:00 EDT

It just never hurts to take the test. I'm just saying. [xkcd via The Daily What]

Dream Captcha: Type The Characters You See Here For Nightmare Protection

John Mahoney — Tue, 07 Oct 2008 12:30:00 EDT

Spam bots deserve every nightmare. Jeffrey Augustine's Dream Captcha updates a familiar faux-cultural symbol with the security layer consumers expect from their nocturnal hallucination protection device. [Jeffrey Augustine via Neat-o-Rama]

Gmail CAPTCHA Cracked in Teams; Bots Get 'Tude

Wilson Rothman — Wed, 27 Feb 2008 09:30:23 EST

Cracking Yahoo's CAPTCHA human verification may have been a major security-breach milestone, but now bots have been tag-teaming in pairs to crack Google's Gmail human test too, which they currently can pull off one in five attempts. During the crack, they also appear, somewhat snarkily, to read Google's help pages, perhaps as a means of preventing a timeout. [Slashdot]

Spambots Can Now Fool Yahoo CAPTCHA Tests: Yes, Worry

Wilson Rothman — Wed, 30 Jan 2008 10:39:50 EST

You know those anti-spam tests that make you enter funny characters to prove you're a human? Well, non-humans can finally fake their way into systems using the "Completely Automated Public Turing test to tell Computers and Humans Apart" too—even Yahoo's pretty secure system, according to new reports.

A Russian security researcher known only as "John Wane" (sic) says that his team has developed a system that correctly identifies the images from Yahoo's CAPTCHA system 35% of the time. According to one analyst, the irony is that the image recognition used to fight off the current generation of image-embedded spam will now be used to create the next wave of spam itself.

Yahoo apparently confirmed that this was the case:

We are aware of attempts being made toward automated solutions for CAPTCHA images and continue to work on improvements as well as other defenses.

This doesn't just finger Yahoo, since the verification technique is used by other online e-mail providers too. In the words of the analyst, the hack "could be used for spam...could be used for phishing...could create a fairly significant number of e-mail accounts." I'm thinking this also means I'm screwed next time I want tickets for a concert, too. [TMCNet via Slashdot]

Anti-Spam Turing Test Is Really Global Human-Powered OCR System

Wilson Rothman — Tue, 02 Oct 2007 09:25:00 EDT

You know the test you have to take on Digg or Facebook, the one that proves you're a human? You see a hard-to-read word or string of gibberish, and you type in the correct characters. Carnegie Mellon researchers decided to replace randomly generated words with actual words from ancient manuscripts, words that machines are having trouble deciphering. When you or millions of other users type in a word, you are beating a machine and helping to preserve an irreplaceable text.

The original test is called the Completely Automated Turing Test To Tell Computers and Humans Apart, or CAPTCHA. This is CMU-originated modification is called reCAPTCHA. Instead of seeing one word, you see two, one that is already verified as correct. If you think about it, that's the only way the authentication could work. Both words are further distorted to fight spammers who may well have better OCR than the libraries.

Sites like Facebook and Twitter have already started using reCAPTCHA, and right now it's processing one million words per day. That's still chump change, though. According to Luis von Ahn, a professor at CMU:

"There's no danger of us running out of words. There's still about 100 million books to be digitized, which at the current rate will take us about 400 years to complete."

[BBC News]