Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Next-Generation CAPTCHA Exploits the Semantic Gap

kdawson posted more than 6 years ago | from the stand-and-identify dept.

Security 327

captcha_fun writes "Researchers at Penn State have developed a patent-pending image-based CAPTCHA technology for next-generation computer authentication. A user is asked to pass two tests: (1) click the geometric center of an image within a composite image, and (2) annotate an image using a word selected from a list. These images shown to the users have fake colors, textures, and edges, based on a sequence of randomly-generated parameters. Computer vision and recognition algorithms, such as alipr, rely on original colors, textures, and shapes in order to interpret the semantic content of an image. Because of the endowed power of imagination, even without the correct color, texture, and shape information, humans can still pass the tests with ease. Until computers can 'imagine' what is missing from an image, robotic programs will be unable to pass these tests. The system is called IMAGINATION and you can try it out." This sounds promising given how broken current CAPTCHA technology is.

Sorry! There are no comments related to the filter you selected.

Too hard. (5, Insightful)

Whiney Mac Fanboy (963289) | more than 6 years ago | (#23169862)

The general public will not know what "geometric" means*.

This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.

*or annotate... or centre

Blind people? (5, Insightful)

tepples (727027) | more than 6 years ago | (#23169910)

As Captchas get harder more humans will fail them.
And as the population of the Internet grows, more blind and hard-of-sight people will be using the Internet, and they will fail visual tests deployed by web site operators who don't bother to deploy a decent audio test.

Re:Blind people? (2, Interesting)

Ngarrang (1023425) | more than 6 years ago | (#23170042)

The blind and hard-of-sight have always been poorly served by what is a very visual medium. I don't think will be changing anytime soon. And for that matter (and this may across harsh), I don't if it should be a concern. Do we lament that the blind and h-o-s cannot drive?

The cost of being all-inclusive can be too high for some budgets.

Re:Blind people? (5, Insightful)

Anonymous Coward | more than 6 years ago | (#23170186)

Do we lament that the blind and h-o-s cannot drive?
The difference is that the web consists mainly of textual information that blind people can use.

The cost of being all-inclusive can be too high for some budgets.
The same could be said for supporting minor browsers, such as Safari.

Re:Blind people? (4, Insightful)

csnydermvpsoft (596111) | more than 6 years ago | (#23170284)

The blind are able to use braille displays and screen readers to access well-designed sites. The whole point of CAPTCHAs, however, is to have images that computers are unable to read. Accessible design and CAPTCHAs have exactly opposite goals.

The Internet is becoming much too important to leave a significant amount of the population (pardon the pun) in the dark. We have the technology to help the blind navigate web sites independently. Unfortunately, CAPTCHAs are hindering much of that progress.

Re:Blind people? (5, Insightful)

Ngarrang (1023425) | more than 6 years ago | (#23170402)

csnydermvpsoft wrote, "The Internet is becoming much too important to leave a significant amount of the population (pardon the pun) in the dark. We have the technology to help the blind navigate web sites independently. Unfortunately, CAPTCHAs are hindering much of that progress."

No, spammers are. The root problem of this "solution" is the spammers, who do not care our personal feelings of privacy. They don't care that their messages cause everyone else's costs to rise.

Without CAPTHA technology, none of the web mailers would be usable, as they would all be blocked by every known blacklist.

For this reason, I think the penalties for convicted spammers should be far higher than what they are now. Their actions are subverting the ease of use for a very large group of people.

Re:Blind people? (4, Insightful)

jackb_guppy (204733) | more than 6 years ago | (#23170566)

CAPTHA are already dumping people with color issues, not blind but do not have the ability to perceive color differences.

Others are using letters / numbers that after distortion could be a,d,9,g for example.

Personal, I give a site two tries before I give up and dump them.

Re:Blind people? (1)

AF_Cheddar_Head (1186601) | more than 6 years ago | (#23170604)

I thought it was just me, yes I am colorblind, that was having issues with the way that so many of the CAPTHAs are constructed.

Re:Blind people? (0)

Anonymous Coward | more than 6 years ago | (#23170756)

Death penalty to spammers (and those who use their services), problem solved.

Re:Blind people? (1)

CogDissident (951207) | more than 6 years ago | (#23170806)

Because, you know, its not as if spammers are from serbia and nigeria, where there are already such tough laws against spamming.

I know I've said this before, but american spammers are the equivalent of the short-bus kids. They think they're doing well, but they are actually being rather ineffective and risking their necks when they don't have to.

Re:Blind people? (1)

cthulu_mt (1124113) | more than 6 years ago | (#23170478)

The Internet is becoming much too important to leave a significant amount of the population (pardon the pun) in the dark.
Since when are the blind a significant number of the population?

Re:Blind people? (5, Informative)

Kam Solusar (974711) | more than 6 years ago | (#23170598)

According to Wikipedia [wikipedia.org] : In November 2004 article Magnitude and causes of visual impairment, the WHO estimated that in 2002 there were 161 million (about 2.6% of the world population) visually impaired people in the world, of whom 124 million (about 2%) had low vision and 37 million (about 0.6%) were blind.

Re:Blind people? (3, Insightful)

iangoldby (552781) | more than 6 years ago | (#23170500)

I don't if it should be a concern. Do we lament that the blind and h-o-s cannot drive?
I think that's a pretty outrageous attitude.

Think about it. What is the cost of making a car that a blind person could drive? Prohibitive, I suspect. Given the current state of technology it may not be quite possible even (though we could pay for human chauffeurs if we were really determined).

What's the cost of making a printed newspaper accessible to a blind person? Quite high I suspect. The technology to read shapes on a page and convert them to something the blind person can read or listen to is not straighforward.

What's the cost of a system that allows a blind person to access text stored electronically on a computer? Pretty-much negligible.

The thing is, the web should be a superb medium for making its content accessible to practically everyone. The information is already in a form that computers can manipulate easily.

If you use HTML as it was designed to be used, there is no additional cost in making it accessible.

Come on people, this is not rocket science! Here we have a golden opportunity to make, for practically no additional cost, something that can be accessed by everyone. It's not like designing a driverless car, or backfitting access ramps and lifts to historic buildings. Why on earth wouldn't we do this?

</rant>

Re:Blind people? (4, Interesting)

phoenixwade (997892) | more than 6 years ago | (#23170808)

I don't if it should be a concern. Do we lament that the blind and h-o-s cannot drive?
I think that's a pretty outrageous attitude.
{SNIPPED}
What's the cost of a system that allows a blind person to access text stored electronically on a computer? Pretty-much negligible.
Here is where you fail to understand the problem.
    First, creating content is not negligible in cost.
    Second, creating an interface to deliver the content is not Negligable in cost.
    Third, Actually delivering the content to the masses isn't negligible in cost either.
    Fourth, as has been pointed out in other comments and in the article, the problem involves the creation of a technology that will allow your audience to access the content/service you are providing, while simultaneously preventing the use of automated systems to exploit your services by appearing to be your audience (i.e. a Human), because the failure to do so means that you may lose the entire technology, or at the very least render it substantially less useful and more expensive. Email, for example, is only being used 5% of the time as intended, the other 95% being spam (As seen on /. recently)

The thing is, the web should be a superb medium for making its content accessible to practically everyone. The information is already in a form that computers can manipulate easily.

If you use HTML as it was designed to be used, there is no additional cost in making it accessible.
AH! Now I understand! You are in the wrong conversation and didn't realize it.

if you are using HTML only, the whole captcha debate is meaningless for you. HTML is designed for PUBLISHING information, captcha applies to web based applications that HTML is only a SMALL part of. After all, the only interactive part of HTML are the form elements. Since YOU aren't actually doing anything with the posted form information, YOU have no need for security and little to no need to verify that the entity on the other end of that pipe is a human, spyder, or spambot.

However, some of us do create applications that need to know this, because we want to provide services for actual humans, but do not want to provide another place for spambots to send out their crap.

Re:Blind people? (1)

rapoZa (810020) | more than 6 years ago | (#23170728)

There is no reason to neglect web site accessibility. People that can't see, or find it difficult to do so, have been poorly served by bad web developers, not by the technology. In fact, I think the technology has been very liberating. The cost of failing to implement enabling technologies is far higher to the whole of society than the 'insignificant' cost of implementing an accessible web site, which is why society should require accessible information. In what sense is driving comparable to web browsing?

Re:Blind people? (1)

poetmatt (793785) | more than 6 years ago | (#23170796)

The few times I've seen a different scenario is where they have an option of listening to an audio version of whatever word they produce in the captcha.

In the defense of many, I've seen some captcha's so distorted that I can't even make out the damn words/letters within it. I welcome a new method like this, but I'm suspecting that it will eventually be beaten as well.

Don't forget users of lynx (4, Interesting)

Nursie (632944) | more than 6 years ago | (#23170122)

It annoyed me mightily the day slashdot introduced captchas for comments when you weren't already logged in. And somehow broke the login process from lynx.

Lynx is the geek slacker's greatest tool, when run in an ssh session from your home server, not only is the traffic unloggable (except for "he's calling home a bit") but it even looks like work to the uninitiated.

Re:Don't forget users of lynx (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23170234)

I use my normal browser in work, proxied through a ssh tunnel to squid running at home. Is that not an option for you too?

Re:Don't forget users of lynx (1)

Nursie (632944) | more than 6 years ago | (#23170424)

Well of course that's an option, but it doesn't look much like work, does it? One can only spend so long browsing the web openly during work time...

More blind people coming. (1)

iamsamed (1276082) | more than 6 years ago | (#23170158)

...more blind and hard-of-sight people will be using the Internet...

And don't forget all the sighted people who will become blind from "looking" at all that porn!

Re:Blind people? (0)

Anonymous Coward | more than 6 years ago | (#23170480)

not to mention all the color blind folks...

Re:Too hard. (2, Insightful)

The Ancients (626689) | more than 6 years ago | (#23169924)

The general public will not know what "geometric" means*.

This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.

*or annotate... or centre

If this is the case, do the captchas have the issue, or does humankind?

Re:Too hard. (1)

edittard (805475) | more than 6 years ago | (#23170046)

I don't know.

Maybe if we were to gather statistics on which one has managed to survive longest without the other it would give us a clue?

Re:Too hard. (5, Insightful)

Smidge204 (605297) | more than 6 years ago | (#23170082)

Definitely the human's problem, although presumably if a human is smart enough to make it then a human is smart enough to figure it out...

To be optimistic, I actually like to think of it the other way around:

CAPTCHAs are providing a valuable evolutionary pressure on machine vision/artificial intelligence development!

=Smidge=

Re:Too hard. (1)

cp.tar (871488) | more than 6 years ago | (#23170212)

To be optimistic, I actually like to think of it the other way around: CAPTCHAs are providing a valuable evolutionary pressure on machine vision/artificial intelligence development!

... so when the machines decide to exterminate us, camouflage clothing will be of no use to us.

Welcoming our seeing and intelligent machine overlords seems futile. We will be exterminated.

Thanks. Now I'm depressed.

/me goes off to his Computational Linguistics class. Guess the overlords will understand language as well.

Re:Too hard. (0)

Anonymous Coward | more than 6 years ago | (#23170562)

"Guess the overlords will understand language as well"
Well if they understand the female human langage, they deserved to be our overlord !

Re:Too hard. (1)

T-Bone-T (1048702) | more than 6 years ago | (#23169998)

I noticed RapidShare has a new CAPTCHA involving writing only the letters and numbers that have a cat in a certain pose and the rest of the letters have a cat in a different pose. The letters were very distorted and the cats were on top of the letters or underneath. It was actually a little bit challenging.

Re:Too hard. (1)

A Friendly Troll (1017492) | more than 6 years ago | (#23170088)

It's just the beginning; it's going to get worse as they become more aggressive. RapidShare wants your money, simple as that, and rest assured that the frustration with discerning those silly cats and dogs _will_ make some people pay.

The only challenge is how to get you to pay. :)

Re:Too hard. (1)

ais523 (1172701) | more than 6 years ago | (#23170334)

That CAPTCHA strikes me as being easier for a computer than for a human. Recognising upside-down cats when they're always pixel-for-pixel the same is quite easy, and likewise for the letters the cats are next to.

Re:Too hard. (4, Interesting)

MichaelSmith (789609) | more than 6 years ago | (#23170056)

The general public will not know what "geometric" means*.

This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.

*or annotate... or centre
Soon we will welcome computers to our online forums for their insightful, informative and interesting comments. The CAPTCHA will be there as an initial filter on the quality of posters. It will exclude stupid computers and stupid people.

Re:Too hard. (2, Informative)

lorenzo.boccaccia (1263310) | more than 6 years ago | (#23170130)

I'm having problem just passing the current generation captchas. some are case sensitive, some not, none states it, some are so twisted that b and 8 confuses, l and 1 confuses and so on. It's somewhat better with the ones using real words, but not everybody is a native English speaker.

Re:Too hard. (2, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#23170152)

The general public will not know what "geometric" means*.
Oh, gimme a freaking break. I am sooooo sick of everyone worrying about pandering to the lowest common denominator. But I have a solution to this particular problem.

Here's my plan: cleanse the gene pool. We'll just eliminate warning labels from everything and when the stupid freaking idiots fry themselves blow-drying their hair in the bathtub because there was no warning label on the hair dryer saying "WARNING: RISK OF DEATH!!! DO NOT USE IN OR NEAR WATER!!!", Darwin's theory of survival of the fittest will kick in and we'll be rid of the bloody morons.

Re:Too hard. (1)

jo42 (227475) | more than 6 years ago | (#23170274)

The politicians won't like that one bit - as it would reduce the tax base by about 95%.

Re:Too hard. (1)

morgan_greywolf (835522) | more than 6 years ago | (#23170382)

Who says the politicians won't be going out with them?

Re:Too hard. (2, Informative)

endersshadow7 (972296) | more than 6 years ago | (#23170342)

I've used the Asirra Project [microsoft.com] for about a year now on my site with fantastic results. I've had absolutely 0 bot registrations, when I was getting 10-20 a week with the old CAPTCHA. Given all the press CAPTCHA's have been getting lately, it makes me wonder why more people aren't implementing something of this nature.

Re:Too hard. (2, Insightful)

ronanbear (924575) | more than 6 years ago | (#23170446)

Half the problem is the over-reliance on Captchas. Most of the cracks work by educated guessing and have large error rates. This fact could be exploited by the webmail companies. Additional Captchas for sending suspicious messages (lots of messages) and early activity.

That a Captcha is the only thing standing between a gmail account and the ability to send large numbers of spam messages is more of the problem. Run the spam filters on outgoing messages and delay some of them to give time for the new address to be blacklisted if it's sending spam and especially if there were large numbers of Captcha failures.

Twofo Ghey Niggers (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23169894)

Eat my goatse'd penis! [twofo.co.uk]

That's right, you cock-smoking tea-baggers!

Re:Twofo Ghey Niggers (4, Funny)

CSMatt (1175471) | more than 6 years ago | (#23170098)

This just reaffirms the article's conviction that the CAPTCHA is broken.

curses... (4, Funny)

Anonymous Coward | more than 6 years ago | (#23169902)

It's already spotted that I am a computer and it won't even load.

worthless (5, Insightful)

tritonman (998572) | more than 6 years ago | (#23169904)

who needs to write CAPTCHA exploits when you can just hire 50 chinese kids for 3 cents per day to create email accounts and send spam out for you?

Re:worthless (5, Funny)

Mipoti Gusundar (1028156) | more than 6 years ago | (#23169968)

you can just hire 50 chinese kids for 3 cents per day
If is really being true that they can be cutting us under by fifety percents then fine hai-tech industry of my dear INDIA is doomed. Ah well, nice while was lasting. Perhaps my medical degree is being useful after all!

Re:worthless (1)

ahuimanu (237298) | more than 6 years ago | (#23170040)

Sounds like a variation on the Chinese Macro Miners in various MMPORGs.

Life is cheap in China.

Re:worthless (1)

deroby (568773) | more than 6 years ago | (#23170160)

Given the 'randomness' of these things, it might be that the results aren't very re-usable, hence it becomes almost required to keep paying some "sweatshop" to figure them out over and over again. It might not seem expensive at couple a cents per 'unit', but it surely will add up to much more than finding a clever way to brute-force your way through the tests using thousands of stolen zombie-computers.

Anyway, I find it a comforting feeling to know that all the spam I receive is helping out the poor in China; makes me all warm inside.

This is where it falls apart... (2, Insightful)

Joce640k (829181) | more than 6 years ago | (#23170624)

Pretty soon they'll just set up a "free porn" site - free access so long as you solve a captcha to get in.

It's been threatened and talked about before, all it needs is something "unbreakable" like this to actually make it happen.

embed in a childrens game Re:worthless (0)

Anonymous Coward | more than 6 years ago | (#23170210)

and when they start demanding more money one could build this puzzle into a childrens game and they will pay for solving CAPTCHA.

Re:worthless (1)

dns_server (696283) | more than 6 years ago | (#23170564)

You do not need the Chinese to break the captcha when you can forward the captcha to someone else and get them to break it for you.

What i have heard is that some adult websites have a captcha that is forwarded from a site like yahoo. The visitor will be presented the picture and solve it and then the adult site will use the solution to register with yahoo or whatever.

If all you need to do is pass on the solving to someone else then there is no way of telling between a real person and a real person by proxy.

Can't RTFA. Already /.'ed after just ONE comment (0)

Anonymous Coward | more than 6 years ago | (#23169930)

Is this a new record or something?

Anyway since I can't try this out, does anyone know how it impacts users of thin clients or handheld devices that are forced to use a lower color scheme? CGA monitors? Monochrome? How about the color-blind? How abour color-blind people using CGA monitors?

Re:Can't RTFA. Already /.'ed after just ONE commen (1)

Kippesoep (712796) | more than 6 years ago | (#23170614)

CGA itself is colour-blind. The picture is a dithered mess, but I doubt it wouldn't work in greyscale as well. Since it is composited of several images, if you have trouble finding the boundaries (and therefore the centre) of one, just pick another.

Lyrical Response Mechanism (5, Funny)

FurtiveGlancer (1274746) | more than 6 years ago | (#23169936)

Why don't we take a note from TV and have the user sing the missing lyrics of a classic hit. Even if they don't pass, it will make for much more fun around the computer, especially at the office.

Re:Lyrical Response Mechanism (3, Funny)

CSMatt (1175471) | more than 6 years ago | (#23170112)

Until the user gets subpoenaed by copyright holders.

Then it will be hilarious.

Re:Lyrical Response Mechanism (5, Funny)

Daimanta (1140543) | more than 6 years ago | (#23170134)

I'll start. Finish this:

"Never gonna give you up"...

Re:Lyrical Response Mechanism (1)

jimicus (737525) | more than 6 years ago | (#23170310)

"Never gonna give you up"...
Never wanna make you cry
Never gonna give you up
Never gonna say goodbye

Start Talking Love, Magnum

Re:Lyrical Response Mechanism (1)

19thNervousBreakdown (768619) | more than 6 years ago | (#23170352)

I'm never, ever gonna stop
Not the way I feel about you
Girl, I just can't live without you

Re:Lyrical Response Mechanism (1)

19thNervousBreakdown (768619) | more than 6 years ago | (#23170374)

Ain't never gonna let you down babe
Ain't never gonna give you up
Hey hey hey hey
Yea yea yea
Ain't never gonna give you up
Yea yea yea
Ain't never gonna let you down

Re:Lyrical Response Mechanism (1)

FurtiveGlancer (1274746) | more than 6 years ago | (#23170450)

Serously though, if Google is willing to share our surfing demographics, the system can always pick a tune we will know.

*Note to self - no more Manilow searches*

What lenghts will we go? (1)

desmondhaynes (1269862) | more than 6 years ago | (#23169944)

While the tech is superb, was wondering what lengths we will go to avoid the spammers. Come on, you also need spammers to keep the world entertained! I still remember the first time I got the Nigerian money mail, and the breast enhancement ideas. So too for the blogs. When I login into my blog admin dashboard, the second thing I check is the spams. :-) Come on, you don't want to kill an industry! :D -TW Techwatch: Technology News that matter http://techwatch.reviewk.com/ [reviewk.com]

Re:What lenghts will we go? (1)

desmondhaynes (1269862) | more than 6 years ago | (#23169954)

oh, the first thing is the actual comments, ones not flagged as spam.

Re:What lenghts will we go? (1)

lottameez (816335) | more than 6 years ago | (#23170132)

Right on! I used my nigerian money to buy boobs and a new, larger, p3n1s. Of course, then I need healthy doses of V1agr@ and other M3ds! to make it all work.

Re:What lenghts will we go? (1)

techpawn (969834) | more than 6 years ago | (#23170192)

I could do without Spam thank you! Every third email I get is "would you like bigger breasts" and after 3 years of that I'm thinking about it...
And when it's not that one it's an email that says "If you want a big dick, click here!" and no matter how much I click it doesn't get any bigger.

Not just entertaining, also educational!. (1)

way2trivial (601132) | more than 6 years ago | (#23170298)

Let me get my old fart hat on.
I first ever was in contact with a 419 via postal mail.

yes, 419 scams used to be pulled via the postal service.... international stamps the whole bit.

I admit- I was intrigued (and naive) and did nothing.. sounds too good to be true etc,, but I thought about it a whole lot.
Since then, and before the prevalance of 419 emails,
I've seen more than a few news stories about people getting into hot water for believing

now that 419 email is so widespread, and the topic so widely known, I acknowledge that it's funny on me..
but the subject matter is also very well known to many many people....

not just entertainning, but educational!

It's still trivially crackable. (5, Insightful)

Jason1729 (561790) | more than 6 years ago | (#23169946)

All they need to do is offer free porn to people who solve the captchas and embed the captcha in their site. It doesn't matter how sophisticated the test is or hard it is for a machine to do it, they all have that fatal flaw.

Then there's also the option of paying Warcraft gold farmers to solve captchas and take a break from the game.

Re:It's still trivially crackable. (0)

Anonymous Coward | more than 6 years ago | (#23170110)

Exactly. As long as there are people willing to help crack those captchas and there are enough people willing to buy vigria or some nice reel estate in Nigeria, spammers will be able to "automatically" setup spam accounts.

Why can't we just sue the pants off every spammer so it is no longer profitable for them? Last time I sent an email to someone who didn't know me yet, I was immediately blacklisted just because the email came from a webmail service (Yahoo) that has been cracked for a while now. This has got to stop, or legitimate email will grind to a halt. Already people have to spend quite a lot of effort to clear out their inbox, it won't be too long before people will have to be hired specifically for that job. If they haven't been already.

If it doesn't work to create better captchas, then maybe the email services should be quicker to shut down adresses used for spamming (would it be legally possible to filter out massive amounts of identical emails, especially if using a term similar to Viagra?) and hunting down the people actually behind the spam, because they are the ones profiting from it.

Re:It's still trivially crackable. (2, Interesting)

Arancaytar (966377) | more than 6 years ago | (#23170792)

Trivia questions. Most internet communities are dedicated to some kind of specific topic. Even someone who is unfamiliar with the trivia can use Google, which the machine cannot.

(Also, said trivia questions will be applicable only to one specific site, so it would never pay for the spammers to build a database of them.)

/.'d @ 7:14:09 CDT (0)

Anonymous Coward | more than 6 years ago | (#23169950)

Hard to try out with 5M other /.r's trying to hit it at the same time.

Slashdotted (1)

Icarus1919 (802533) | more than 6 years ago | (#23169970)

Slashdotted already.

speach synthasis. (1)

oliverthered (187439) | more than 6 years ago | (#23169972)

It should be fairly easy to write an audio CAPTCHA you just have to get someone to read some text. Computers are very poor at speech synthesis at the moment.

Re:speach synthasis. (0)

Anonymous Coward | more than 6 years ago | (#23170058)

I have hearing difficulties, you insensitive clod!

Re:speach synthasis. (1)

oliverthered (187439) | more than 6 years ago | (#23170144)

actually I was thinking of the opposite, do you have speaking difficulties (I realise that hearing and speaking difficulties can often go together)

Re:speach synthasis. (0)

Anonymous Coward | more than 6 years ago | (#23170354)

What about people without microphones? Or that are on dialup? Or people that are deaf (and not oral)?

That's just the tip of the iceberg of problems with a spoken test.

Illogical (1, Informative)

SpinyNorman (33776) | more than 6 years ago | (#23170150)

If a computer could recognize the difference between human and computer generated speech, then it would know how to generate human sounding speech.

Re:Illogical (3, Insightful)

Matje (183300) | more than 6 years ago | (#23170394)

If a computer could recognize the difference between human and computer generated speech, then it would know how to generate human sounding speech.
Bullocks. Why is this modded informative? You don't provide any backup for your claim.

It is imaginable to create a model that describes speech characteristics in general and computer speech characteristics in particular. Any sound sample could compared with the two models. If it fits the wider speech model but not the computer speech model, then you would call it human speech. QED.

The ability to distinquish between two things does not imply that you'll be able to generate them effectively (unless the search space is very narrow). Imagine it this way: you can probably distinguish Chinese from Spanish. That does not imply you speak either language.

Alternative... (5, Informative)

martin_henry (1032656) | more than 6 years ago | (#23170006)

Re:Alternative... (0)

justleavealonemmmkay (1207142) | more than 6 years ago | (#23170794)

Imaginaaaaaaaaaaaaaaation

Stupid Captcha (5, Insightful)

Big Smirk (692056) | more than 6 years ago | (#23170012)

Any captcha with multiple choice answers is not a good one. 20 choices? So the computer gets by 1/20 of the time. Hmmm, how many attempts does it take to get 1000 e-mail accounts? As for "geometric center" note that all the images are rectangular. I haven't tried it, but writing a program to pull out all possible rectanges and then sort them on size, and pick the center of the one of the larger rectangles should do it. Why not a captcha that works with google. "Describe in one or two words what is in this picture", then use a google like search to match up the actual description with what the person typed. Person types "Dog" picture is a "Labrador Retriever" match.

20 minutes, test not yet passed.. (2, Funny)

PIBM (588930) | more than 6 years ago | (#23170030)

They might have a good captcha but it's already broken: they are unable to serve it as fast as required, which prevents legitimate users from accessing a real server content... No user on any site would wait so long just to pass a captcha test.

Test site slashdotted... (3, Informative)

thrill12 (711899) | more than 6 years ago | (#23170084)

...but some more info here [psu.edu] as well as a (ugh) [a href="http://wang.ist.psu.edu/imagination/imagination.ppt">powerpoint and a user study [psu.edu] with some samples.

Slashdotted (1)

Rik Sweeney (471717) | more than 6 years ago | (#23170086)

The system is called IMAGINATION and you can try it out

That's what you think...

Halp! (1)

Bartab (233395) | more than 6 years ago | (#23170108)

My imagination is broken!

next generation HUMANS to rely on creators... (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23170126)

instead of prone-to-(t)error man'kind'? the only required task will be taking care of each other? just a thought. let yOUR conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.yahoo.com/s/ap/20071229/ap_on_sc/ye_climate_records;_ylt=A0WTcVgednZHP2gB9wms0NUE
http://news.yahoo.com/s/afp/20080108/ts_alt_afp/ushealthfrancemortality;_ylt=A9G_RngbRIVHsYAAfCas0NUE
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);

http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html

whilst demanding/extorting billions to paint more targets on the bigger kids;

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html

& pretending that it isn't happening here;

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece
all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece

Fake colors are BS (0)

Anonymous Coward | more than 6 years ago | (#23170138)

The part with the fake colors is IMO complete bullshit.
You could simply smooth the image (because of the dithering) and convert it to black and white. The luminosity should be enough for recognition.

Of course, you still have to solve the other parts.

The real solution to captcha is OpenID. (2, Informative)

Anonymous Coward | more than 6 years ago | (#23170142)

The real solution to captcha is OpenID.

Re:The real solution to captcha is OpenID. (2)

garaged (579941) | more than 6 years ago | (#23170510)

how so ?

Wally (0)

Anonymous Coward | more than 6 years ago | (#23170148)

Ok, the next step on the CAPTCHA technology is to find where Wally is.

Alternate URL (1)

desmondhaynes (1269862) | more than 6 years ago | (#23170164)

Re:Alternate URL (1)

Ecuador (740021) | more than 6 years ago | (#23170734)

Can someone mod this clown down (if banning is not possible)? He keeps posting this site of his that redirects you to all sorts of advertisments...

Re:Alternate URL (1)

Ecuador (740021) | more than 6 years ago | (#23170782)

Hmm I see he automatically redirects only IE, with Firefox I stay on the article page... I guess that's why no other slashdotter noticed the problem!

mechanical turk (2, Interesting)

192939495969798999 (58312) | more than 6 years ago | (#23170178)

Just hire out cracking it to a mechanical turk service, and log their results to a database. Before long, you'll have a system capable of monte-carlo guessing at a high rate of accuracy. The computer doesn't need to know much about the image to make an educated guess with a large enough data pool of previous solutions.

Re:mechanical turk (1)

ouder (1080019) | more than 6 years ago | (#23170660)

Computers can make random guesses thousands of times an hour. Some will eventually work by pure luck. Methods like this, or just knowing the general algorithm allow you to shave the odds even further in the hacker's favor.

Death/Alternative test (0)

Anonymous Coward | more than 6 years ago | (#23170236)

Why can't we put a black box of pain? That will demonstrate who is human and who is not

CAPTCHA = The terrorists have won. (2, Insightful)

v(*_*)vvvv (233078) | more than 6 years ago | (#23170308)

Like airport security, CAPTCHA puts a tremendous burden on the innocent people just because they cannot detect the terrorists.

How is CAPTCHA broken and how is it "technology"?

It is not broken because it works as it is suppose to. I would think the correct term would be "solved" or "been overcome".

Technology-wise, CAPTCHA is a workaround, not a solution. The real problem is automated bots manipulating forms where the webmaster only wants humans. Detecting whether or not the visitor is an automaton would be the solution, but because people have apparently given up on this, they have resorted to trying to detect whether or not the visitor is human.

I think RapidShare has a good one (1)

JorDan Clock (664877) | more than 6 years ago | (#23170330)

Last time I used RapidShare, they had a CAPTCHA that not only had distorted letters, but dogs and cats behind them. They were very simple, but enough to distinguish between the two. These dogs and cats are blended into the letters and to pass the CAPTCHA, you have to put in the characters with cats.

I suppose I ought to RTFA (0)

Nursie (632944) | more than 6 years ago | (#23170396)

But what the hell is a "fake color"?

i think its too big (2, Insightful)

PJ1216 (1063738) | more than 6 years ago | (#23170596)

the image is huge. plus its two steps. also, the annotation part... i wasn't actually *sure* i was answering correctly. it looked like they were near water... boat was an option... didn't look like a boat... but nothing else really made sense... well, 'cept there was a guy in the picture and "man" was a choice as well... but i went with boat cause the guy didn't seem to be the focus. nonetheless, it required effort to reason it out. i don't want my captcha taking up more than 2 seconds, let alone like 30 seconds.

Sweatshops (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23170616)

Spammers will still just pay sweatshop workers to solve these, won't they? What does this solve?

Anyone else notice the link on the PSU Website?? (0)

Anonymous Coward | more than 6 years ago | (#23170630)

http://wang.ist.psu.edu/docs/projects/imagination.html talks about the new CAPTHCA's and has a link to two places that talk about the ability of breaking CAPTCHA's... such as http://sam.zoy.org/pwntcha/ which lists Slashdot's CAPTCHA as 89% bypassible by their software because of "Weaknesses: constant font, no deformation, constant colours, weak perturbation."
But scroll about 3/4 of the way down that page and find the "Other captchas and hard captchas" section and check out "Cwazymail"'s CAPTCHA's... who woulda though there's a legit use for that picture?!?! LOL

And what if I have no imagination!? (0)

Anonymous Coward | more than 6 years ago | (#23170656)

And what if I have no imagination you insensitive clod. Accountants/Buerocrats can't pass such a test!
(think HG to the galaxy for image). Are we creating turring tests for computers or reverse turing tests for people.

At least a part is Ineffective (4, Insightful)

Dracolytch (714699) | more than 6 years ago | (#23170784)

Ok, so I was able to do the image analysis one, where they take an image, muck with the color, draw a bunch of black lines over it, and then ask you to annotate it with a word from a list.

This is no better, and may be worse, than what we have now, for two reasons.

1) If you fill in the gaps programmatically, and then make the image grayscale, you probably have something you can use for image matching.

2) Much more severely: The interface reduces the number of possible answers by multiple orders of magnitude. For the one I saw I think there were 10 or 15 answers. Even if you kick image recognition to the curb and randomly choose an answer, you'll be right 1/15 times. It'd be trivial to write a program to harvest hundreds of accounts in a day by just picking random answers. Hand that off to a botnet or similar, and this becomes a minor speedbump.

~D
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?