Stanford Researchers Teach Machines to Beat Captchas

12

Comments

+ Add a Comment
avatar

SeverianSilk

Age old problem in security. If something can create it, something can figure it out. I say we adapt the xkcd method and have captcha ask questions like "Did you cry when Littlefoot's mother died?" To determine if you're human.

avatar

thetechchild

But how would you determine the questions/answers? Pre-create a list? That would fail as a deterrent for obvious reasons.

All that needs to be added is more blurring and warping of each individual character in multiple font/color renderings, with a *random* element applied (pseudo-random, technically). If you have a character with 15 colors, and all the characters are of different size, warping, blurring, and orientation relative to the one before/after it, then you have a confusing word. Add in a distorted grid of easily distinguishable but still varied colors in the background, and you now have what looks like a rainbow mess to a computer, but a distinct word to a human.

avatar

SleepyCatChris

Serious question: has their funding been looked at to see if spammers might somehow be involved?

avatar

thetechchild

Wrong question to ask. That's like asking "are security researchers affiliated with hackers?" Taking the side of the paranoid corporations, suing and condemning those who advocate better security, is an idiotic stance. Regardless of whether or not this work could be accessed by or supported by spammers, the work itself is applicable. It proves beyond doubt that it can be done, and therefore even if spammers couldn't steal it directly, we now know they would get there soon.

A better question would be :

How and why can captchas be improved in order to thwart such methods? (or, how is ReCaptcha avoiding these flaws?)

avatar

I Jedi

This is great news, as we can finally get rid of our captcha here at MxPC.

avatar

Holly Golightly

Yes, they should have ditched captchas long ago. As a tech site, they really should have posted this info themselves long ago. Sadly, I see see those annoying captchas, and I just want MaximumPC to just get rid of them already. 

avatar

thetechchild

Funnily enough, there's quite a lot of spam on MPC... (or there was, recently) Perhaps they should've implemented peer review system (spam flagging) and autobanning of major spammers.

Also, instead of blocking or alerting if it's "wrong", simply have the user complete new ones until he/she/it thinks that one was correct, and also have autobans in place for high failure rates or extremely high overachieving (in captcha submission count). [Note that this does require you to remove any "choose different image" options]

Since you don't know how many you got right until it's over and done with, bots will have to statistically guess how many they need to complete based on their average success rate, while humans should be relatively sure after 2 or 3 tries that one was good, and have at least a 50% pass rate.

avatar

Captain_Steve

This is good news for Maximum PC; they no longer have to feel bad about not being able to keep the bots out of the comments section.

avatar

kixofmyg0t

Very good web.

 

visit www.maximumpc.com PC review! very nice for you!

 

you wil love!

 

 

(actually tried to look for a actual spam post to infringe...err...copy and couldnt find one. +1 to max pc staff for cleanin up! Also the fact that I got hit up with a capcha in posting this is just bitter irony lol)

avatar

ABouman

Not entirely sure what's working but we HAVE seen a lovely absence of spam latley...

avatar

Neel Chauhan

Why doesn't Maximum PC use Google's ReCaptcha instead of whatever is used now.\

By the way, my captcha was MZikQ

avatar

kixofmyg0t

Until now. Funny, I had to do a capcha on every post in here but a bot managed to post spam....

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.