Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ReCAPTCHA.net Now Vulnerable to Algorithmic Attack

timothy posted more than 4 years ago | from the bless-you! dept.

Security 251

n3ond4x writes "reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration of random reCAPTCHA.net CAPTCHAs being subjected to the algorithms." There's probably an excellent Firefox plugin to render this page's color scheme more bearable. Note: the PowerPoint presentation linked opens fine in OpenOffice, and the video speaks for itself.

cancel ×

251 comments

Sorry! There are no comments related to the filter you selected.

Offtopic (-1, Offtopic)

bcmm (768152) | more than 4 years ago | (#33154742)

Obvious technical errors in summaries bother me more than spelling/grammar errors.

A Firefox extension is not the same thing as a plugin.

Re:Offtopic (0, Redundant)

stephanruby (542433) | more than 4 years ago | (#33154948)

A Firefox extension is not the same thing as a plugin.

Firefox plugins ***used*** to be called Firefox extensions. You must just be too young to know this.

Re:Offtopic (4, Informative)

Anonymous Coward | more than 4 years ago | (#33155078)

No, Firefox addons used to be called extensions, plugins are still plugins.

Re:Offtopic (3, Informative)

Cougar Town (1669754) | more than 4 years ago | (#33155372)

Wrong. Plugins have been around since Netscape and are still called plugins. They have a different function than an extension (and an extension is what we would want in this case to fix the site's colours).

Both plugins and extensions, along with themes, are collectively referred to as "addons." "Plugin" is the wrong word in the summary. "Extension" or "addon" would have been acceptable.

Re:Offtopic (1)

vlueboy (1799360) | more than 4 years ago | (#33155322)

From TFS:

There's probably an excellent Firefox plugin to render this page's color scheme more bearable.

Halfway through this sentence I realized someone will now implement a nice little extension such that I never again have to answer these recaptchas. Pretty sure they would break this extension shortly with cunning, though. Anyway, at 30% accuracy now, it's easier to <F5> or click refresh 3 or 4 times than to get my hands off the mouse to type 2 word captchas that sometimes are eye-straining.

You don't have to reply here if you don't want to lose karma with such guilty-pleasure extension, brave spammers^Wcoders! :) I'll be googling the currently "virgin" string "captcha this fox" to find your work posted wherever.

My eye's... (0)

Anonymous Coward | more than 4 years ago | (#33154758)

... They bleed nope wait just a shitty color scheme

Re:My eye's... (0)

Anonymous Coward | more than 4 years ago | (#33155476)

Looks fine to me here in the basement..

OpenOffice? (0)

Anonymous Coward | more than 4 years ago | (#33154764)

Does the PowerPoint open fine in Keynote?

colours (2, Funny)

orange47 (1519059) | more than 4 years ago | (#33154772)

"There's probably an excellent Firefox plugin to render this page's color scheme more bearable."
just select all page, its better.

Re:colours (4, Informative)

electrostatic (1185487) | more than 4 years ago | (#33154916)

"...an excellent Firefox plugin to render this page's color scheme more bearable."

Yep. Color Toggle

https://addons.mozilla.org/en-US/firefox/addon/9408/ [mozilla.org]

I have it set so Ctl-Shift-Z set light yellow background, black text, and blue links.

Re:colours (1)

commodoresloat (172735) | more than 4 years ago | (#33155270)

sweet! Perfect for reading slashdot discussions in this IT color scheme! It's hilarious that a slashdot summary in this section is complaining about color schemes on other pages... glass houses and all

Re:colours (0)

Anonymous Coward | more than 4 years ago | (#33155278)

I have it set so Ctl-Shift-Z set light yellow background, black text, and blue links.

I think the intent is to make pages more readable, I don't know what the hell you're doing.

Re:colours (1, Informative)

Anonymous Coward | more than 4 years ago | (#33155328)

Neat, I also use yellow background, black text and bluish links. It is very relaxing.
The color codes are #FFFF00 for the background, #000000 for the text and #00EFFF for the links.

Re:colours (1, Informative)

Anonymous Coward | more than 4 years ago | (#33155374)

View>page style>no style

easy.

Re:colours (1)

SkyDude (919251) | more than 4 years ago | (#33155612)

Just hit Ctrl-a and all the text shows up just fine.

Human Success? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#33154776)

So what is the average human success rate? I think mine is only about 50%

Re:Human Success? (0)

Anonymous Coward | more than 4 years ago | (#33154994)

Sometimes I find myself just entering letters and pressing enter to get to the next one.

Re:Human Success? (2, Informative)

Anonymous Coward | more than 4 years ago | (#33155324)

Mine is 100%. Recaptcha is probably one of the easiest captcha I've ever had to deal with; something is wrong with you, sorry.

Re:Human Success? (1)

wickedskaman (1105337) | more than 4 years ago | (#33155446)

Maybe that's why it's been figured out at ~30% eficacy. *shrug*

My eyes! (2, Funny)

Yvan256 (722131) | more than 4 years ago | (#33154782)

The goggles, they do nothing!

Re:My eyes! (0, Troll)

sexconker (1179573) | more than 4 years ago | (#33155152)

Did you not learn when I explained this yesterday?
The quote is: "My eyes! The goggles do nothing!".
There is no "they", nor is there any bad pronunciation. Indeed, it is correctly articulated and enunciated, with an accent.

Re:My eyes! (4, Funny)

SomeJoel (1061138) | more than 4 years ago | (#33155208)

Did you not learn when I explained this yesterday? The quote is: "My eyes! The goggles do nothing!". There is no "they", nor is there any bad pronunciation. Indeed, it is correctly articulated and enunciated, with an accent.

Easy there champ, nobody appreciates a Family Guy nerd correcting everyone's quotes.

Re:My eyes! (1)

Agent0013 (828350) | more than 4 years ago | (#33155380)

Unless it's actually a quote from the "Is it a good idea to microwave this" guys on Youtube. (Although I think they actually say the line about the mask and not the goggles.) http://www.youtube.com/watch?v=ewGkH-E_HWA [youtube.com]

Re:My eyes! (0)

Anonymous Coward | more than 4 years ago | (#33155594)

Except it's from The Simpsons.
http://www.youtube.com/watch?v=OqfOxm_1BE0 [youtube.com]

OCR improvements? (3, Interesting)

Anonymous Coward | more than 4 years ago | (#33154788)

Can these attack algorithms actually increase the accuracy of normal OCR programs?

Re:OCR improvements? (1)

Chad Birch (1222564) | more than 4 years ago | (#33154966)

I haven't RTFA, but that's unlikely. With a captcha, you receive a response indicating whether you were correct or not. When using OCR, there isn't really any automated way to be sure if you've gotten it right.

Re:OCR improvements? (1)

nizo (81281) | more than 4 years ago | (#33154992)

Better living through spam!

Re:OCR improvements? (1)

ottothecow (600101) | more than 4 years ago | (#33155116)

recaptcha was created to increase the accuracy of normal OCR programs...

so technically the bots solving them would also be helping proof Project Gutenberg texts so long as they are getting both the test word and the book word correct.

Re:OCR improvements? (2, Informative)

AusIV (950840) | more than 4 years ago | (#33155582)

They're not. I saw the presentation these guys gave at DefCon (their presentation was about as painful as their website), and they're only getting the test word correct with about 30% accuracy. They're not completely sure about their success rates on book words, but they believe it to be considerably lower than the test words.

Pretty cool stuff (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#33154800)

But that just means more spambots, right?

Re:Pretty cool stuff (1)

Kepesk (1093871) | more than 4 years ago | (#33154826)

Personally, I don't think there will ever be an effective CAPTCHA or similar image-based technology. Someone will always come out with a better algorithm to beat them.

Re:Pretty cool stuff (1)

fyrewulff (702920) | more than 4 years ago | (#33154886)

On the other hand, it'll be easier to block the known spammers because fewer of them will be able to afford the hardware/sweatshop/botnet setups once the computational brute force needed increases.

Re:Pretty cool stuff (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33154974)

This won't happen. Many current CAPTCHAs are already hard to solve for humans, and increasing the computational cost to solve a CAPTCHA will also make it harder to solve for humans.

Now, the problem is, computers are getting more powerful every day, while humans don't. Sooner or later, this simple fact will render CAPTCHAs useless.

Re:Pretty cool stuff (1)

veganboyjosh (896761) | more than 4 years ago | (#33155074)

Useless to humans, maybe.

Maybe not so much to Skynet.

Re:Pretty cool stuff (0)

Anonymous Coward | more than 4 years ago | (#33154990)

If your brain can do it, a computer can be made to do it eventually. CAPTCHA will only block out all robots if it is illegible to human beings as well.

Speaking about re-captcha (3, Informative)

imsabbel (611519) | more than 4 years ago | (#33154816)

I recently went to their homepage and looked _really_ hard for any statistics about which books are transcriped. I read their Science paper. Tried all sections.
Its all about the captcha part, and _nothing_ about the RE.
The way they state how it works ("We are using 100.000 unique words") sounds like they have given up on that part long ago and just recycle their old database again and again...

Re:Speaking about re-captcha (4, Informative)

icebraining (1313345) | more than 4 years ago | (#33154892)

Currently, we are helping to digitize old editions of the New York Times and books from Google Books.

http://www.google.com/recaptcha/learnmore [google.com]

Re:Speaking about re-captcha (1)

MozeeToby (1163751) | more than 4 years ago | (#33155062)

You don't even need that, the attacker has access to everything, remember? They can just look at the file directly if it's predownloaded on the page or send the page the mouse over event for that element. I highly doubt that the people doing these algorithms are using a full web browser to pull and post data.

Re:Speaking about re-captcha (4, Interesting)

imsabbel (611519) | more than 4 years ago | (#33155292)

Hm.
So its for-profit work for the biggest advertising firm in the world.
Sort of expected project gutenberg or something.
Too bad.

Re:Speaking about re-captcha (1)

Mashiki (184564) | more than 4 years ago | (#33154920)

Dunno. I've been seeing a lot of unique stuff recently like hebrew, chinese, japanese, and vertical lettering.

Can the mouse cursor be positioned by a script? (1)

master_p (608214) | more than 4 years ago | (#33154842)

If not, then the captcha should only be visible when the mouse cursor is over it.

The key to a successful captcha is to make it accessible only by a user sitting in front of the screen.

Re:Can the mouse cursor be positioned by a script? (1)

machxor (1226486) | more than 4 years ago | (#33154936)

It's fairly trivial to use AutoIt to position the mouse and is scriptable.

Re:Can the mouse cursor be positioned by a script? (1)

Lehk228 (705449) | more than 4 years ago | (#33155060)

even if it couldn't be done normally, a hostile client could say the cursor is over the script just as easilly as it could place the cursor there.

Re:Can the mouse cursor be positioned by a script? (0)

Anonymous Coward | more than 4 years ago | (#33155226)

Let me rephrase what you said, and we'll see if you can spot the part where you're thinking like a bloody manager, writing random "security" requirements that are meaningless in practice....

"The key to a successful captcha is to trust the client to detect a user sitting in front of the screen"

Re:Can the mouse cursor be positioned by a script? (0)

Anonymous Coward | more than 4 years ago | (#33155298)

um, people breaking captchas don't actually use browsers. i guess you're just trolling though, nice work.

Re:Can the mouse cursor be positioned by a script? (1)

AusIV (950840) | more than 4 years ago | (#33155610)

As a couple of ACs have pointed out, the people breaking CAPTCHAs aren't using browsers, they're using scripts. They don't care if a DOM element is hidden, or if they have to make an extra ajax request of some sort. The scripts will be tailored to the CAPTCHA they're trying to break, and you can't keep a script from getting a hold of something that you plan to show a human.

I'm a computer, apparently (2, Funny)

El_Muerte_TDS (592157) | more than 4 years ago | (#33154844)

It looks like that tool is better at deciphering the captchas than I am.

far from it (3, Informative)

MagicM (85041) | more than 4 years ago | (#33154858)

I'm watching the video, and the end result is "b:1/78 1.28% s:27/78 34.62%" indicating that out of 78 tests of two words per test it got a single word right 35% of the time, and both words right only once or 1% of the time.

Since both words need to be correct "solve the current CAPTCHA at an efficacy of 1%" would be closer to the truth.

Re:far from it (2, Informative)

NegativeK (547688) | more than 4 years ago | (#33154928)

35% * 35% ~ 12%. And that ignores that one word is a known control, while the other is a word they're trying to OCR.

Re:far from it (2, Informative)

rm999 (775449) | more than 4 years ago | (#33155250)

You are right, there is no need to get both words right.

But, your 35% * 35% calculation assumes the recognition difficulty of the words is independent, which is a bad assumption in this case; the OCR word is one that is known to be hard to guess. It is probably more like 35% * 5% or something.

Re:far from it (2, Insightful)

retchdog (1319261) | more than 4 years ago | (#33155498)

Interesting. If this is true as stated, and one knew/modeled OCR performance, you could use this information in some cases to pick out the plum and boost the crack...

Re:far from it (1)

petermgreen (876956) | more than 4 years ago | (#33155600)

I seem to remember recapatcha claiming that if they think they are being screwed with they switch to sending two known words rather than one known and one unknown

Re:far from it (2, Informative)

BarryJacobsen (526926) | more than 4 years ago | (#33154956)

I'm watching the video, and the end result is "b:1/78 1.28% s:27/78 34.62%" indicating that out of 78 tests of two words per test it got a single word right 35% of the time, and both words right only once or 1% of the time.

Since both words need to be correct "solve the current CAPTCHA at an efficacy of 1%" would be closer to the truth.

My understanding is that only one of the words needs to be correct, but it has to be the "right" one (reCAPTCHA presents two words one it's very certain it knows what it is and one it's less certain, you have to get the one that it's very certain of in order to pass).

Re:far from it (0)

Anonymous Coward | more than 4 years ago | (#33155470)

Does this mean that if a lot of people were to consistently type the first word correctly, but enter "gnu" for the second word, they would pollute its database but still pass the test half the time?

Re:far from it (0)

Anonymous Coward | more than 4 years ago | (#33154984)

RTFA, both words don't need to be correct. ReCAPTCHA works by showing you two images, one known and one that OCR cannot currently read. The one OCR cannot read is completely unknown, so if you get it totally wrong, obviously ReCAPTCHA will not know and let you pass anyway.

Re:far from it (0)

Anonymous Coward | more than 4 years ago | (#33155010)

I'm watching the video, and the end result is "b:1/78 1.28% s:27/78 34.62%" indicating that out of 78 tests of two words per test it got a single word right 35% of the time, and both words right only once or 1% of the time.

Since both words need to be correct "solve the current CAPTCHA at an efficacy of 1%" would be closer to the truth.

You are wrong. Only one word needs to be correct. One word is the control word and one is from some book recaptcha is helping to digitize. Learn about recaptcha before going all retard.

Re:far from it (1)

MagicM (85041) | more than 4 years ago | (#33155112)

All I'm saying is that just because the algorithm got 30% of the words right doesn't mean that it can "solve the current CAPTCHA at an efficacy of 30%".

Re:far from it (1)

MagicM (85041) | more than 4 years ago | (#33155184)

Actually I guess that's not what I'm saying, because I said "1%" which was wrong. You may consider my face egged.

Re:far from it (1)

sexconker (1179573) | more than 4 years ago | (#33155248)

All I'm saying is that just because the algorithm got 30% of the words right doesn't mean that it can "solve the current CAPTCHA at an efficacy of 30%".

Yes, yes it fucking does.

"Solving" a captcha - to an attacker or a legitimate user - means getting past the damned popup and creating your account, posting your /. obama poop copypasta troll, etc.

Being correct with regards to the OCR means nothing.

Re:far from it (0)

Anonymous Coward | more than 4 years ago | (#33155168)

Learn about recaptcha before going full retard.

FTFY

Re:far from it (1)

sexconker (1179573) | more than 4 years ago | (#33155224)

Only ONE word needs to be correct for recaptcha.

There is a known word you are tested against, and an unknown word pulled from a database of shit they scanned.

Solving the known word correctly means you probably also got the unknown word correct. They then pool the "correct" submissions for the unknown words and see what the most common ones are.

I don't know if this is completely automated or if they have an intern monkey clicking "yes" or "no" for unknown words and probable solutions, but the whole "crowd sourcing OCR for a bunch of shit we scanned" is the POINT of recaptcha.

Re:far from it (1)

IICV (652597) | more than 4 years ago | (#33155318)

Not necessarily; I'm not sure exactly how reCAPTCHA works, but in theory they don't know one of the words - in fact, that other word may very well be unknowable, due to smearing or just not being a word (that happened to me the other day actually, I got one word and one thing that looked like a Farsi character). Thus, if you successfully guess the correct thing for the "known" word, it doesn't really matter what you guess for the "unknown" word as long as it's close or at least something a human might type.

Therefore, making the big assumption that this system correctly guesses both "known" and "unknown" words with equal chance, the algorithm's expected "win" percentage would be about 17%, not 1% as you claim.

Of course, I bet you anything that if reCAPTCHA gets a lot of wrong answers from a given IP address, they'll start sending pairs of known words in order to detect this sort of thing and to prevent pollution of their databases. That would give this algorithm a 1% win chance.

Re:far from it (5, Informative)

hydrofix (1253498) | more than 4 years ago | (#33155330)

Since both words need to be correct "solve the current CAPTCHA at an efficacy of 1%" would be closer to the truth.

Actually, that is incorrect. The other word is already positively known by the OCR, and serves as a control, while the other is the one that the OCR could not read. It will of course only check the one that it knowns, and assumes the other one is then correct as well. So, if you get one of the words correct AND this is the same word that as their OCR identified correctly (which is very likely the case), then you pass, but most of the time (99%) give a bad answer for the harder, non-OCR word. Sadly, this leads to pollution of their database in the long run.

The video shows nothing but failures (0)

Anonymous Coward | more than 4 years ago | (#33154872)

It isn't sufficient to get 30% of the characters right. "im bailiwick" is recognized as "iffy ballboy" and that result gets a 32.73% rating. Doesn't look broken to me.
Now 30% of the captchas, that would be something.

Re:The video shows nothing but failures (1)

sexconker (1179573) | more than 4 years ago | (#33155306)

The percentages shown are a running total of all the captchas tested against in that run.

b is the % of cases where BOTH words were correctly recognized
s is the % of cases where AT LEAST ONE word was correctly recognized

You only need to know ONE word to pass a recaptcha captcha. Though it has to be the CORRECT word, and I don't know if the developers of this program knew which word was known, or if they took that into account when displaying the percentages.

The worst case scenario is that they can solve it about 1/6th of the time (getting one right 1/3 of the time, and having it be the right one 1/2 of those times). It stands to reason, however, that the "known" captchas (the ones recaptcha tests against) are the ones that are easier to solve, and thus, the actual success rate is indeed about 33%.

Plugin not needed... (3, Informative)

knarf (34928) | more than 4 years ago | (#33154874)

There's probably an excellent Firefox plugin to render this page's color scheme more bearable

No plugin needed:

View->Use Style->None

That is what it looks like in Seamonkey, Firefox will be similar. This more or less always works.

Re:Plugin not needed... (1)

interval1066 (668936) | more than 4 years ago | (#33155280)

Or if you're using ff 3.6....; View->Page Style->No Style.

Re:Plugin not needed... (1)

c++0xFF (1758032) | more than 4 years ago | (#33155614)

This more or less always works.

You're not joking: it even makes the Time Cube site somewhat readable!

Hmm (5, Funny)

Tailhook (98486) | more than 4 years ago | (#33154906)

Should I run the DEFCON presenter's giant SWF or not?

o_O

Re:Hmm (2, Funny)

machxor (1226486) | more than 4 years ago | (#33155014)

Why not. You run Firefox right? If yes then you have no worries because it's not full of hole like IE is...

Re:Hmm (1)

Chad Birch (1222564) | more than 4 years ago | (#33155114)

You are disturbingly misinformed.

Re:Hmm (1)

machxor (1226486) | more than 4 years ago | (#33155254)

And you don't understand sarcasm... Or maybe I fail at it... Either way, cheers :-)

Re:Hmm (2, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#33155430)

I'm glad YOUR common sense kicked in before hundreds of others.

Bad Hacking (4, Insightful)

pz (113803) | more than 4 years ago | (#33154910)

Why would anyone want to do this? It's like attacking the UN peace keeping troops or the Red Cross. reCAPTCHA is doing good work, digitizing scanned printed books so that the the text can be made available for online searching. Breaking reCAPTCHA is like defecating in the village well, ensuring that everyone suffers. No one benefits from reCAPTCHA being broken. No one.

Re:Bad Hacking (0)

Anonymous Coward | more than 4 years ago | (#33155032)

reCAPTCHA is used by a lot of web services to prevent spamming. Breaking it would allow spammers to infiltrate new websites.

The breaking of reCAPTCHA benefits a very select group of people (spammers) and hurts the rest of us.

Re:Bad Hacking (2, Informative)

kyrio (1091003) | more than 4 years ago | (#33155054)

4chan already broke it.

Re:Bad Hacking (5, Insightful)

Dhalka226 (559740) | more than 4 years ago | (#33155094)

No one benefits from reCAPTCHA being broken. No one.

Spammers.

Re:Bad Hacking (0)

Anonymous Coward | more than 4 years ago | (#33155100)

Seriously? It's a security tool that administrators rely on. If it's breakable, someone will find a way. If a good person finds a flaw, I would hope like hell they let the world know.

Re:Bad Hacking (5, Insightful)

maxume (22995) | more than 4 years ago | (#33155106)

Actually, it could be of use to reCAPTCHA, they can just pass their test words through this system before they make them public and then use the output to help prevent similar attacks.

Re:Bad Hacking (0)

Anonymous Coward | more than 4 years ago | (#33155128)

Perhaps. But what if someone else does the same thing but doesnt bother to say that they did it? Some of these are used to create accounts. Now those accounts could then be used to spam (what most of these scumbags are after) the forums behind the code.

I would rather know about it than have a mysterious 'yeah well maybe someone is hacking it'. It may lead to a better one?

Re:Bad Hacking (1)

Purity Of Essence (1007601) | more than 4 years ago | (#33155144)

Advertisers benefit. Or rather, people who sell advertising and SEO services and work automated lead/sales referral systems. Their clients are probably hurt by all the forum spam done in their name. Look around you. Wherever there is money being made, there are assholes joining in.

Re:Bad Hacking (1)

rbcd (1518507) | more than 4 years ago | (#33155162)

The field of AI is advanced as CAPTCHAs are broken (eg: OCR). The great thing is that spammers work on this for us, too. When humans and computers cannot be separated, then we'll have computers that can pass the Turing test. AI research will have finished.

Re:Bad Hacking (1)

maxume (22995) | more than 4 years ago | (#33155242)

Right, because human level intelligence is the obvious upper limit.

Re:Bad Hacking (1)

rbcd (1518507) | more than 4 years ago | (#33155396)

That's an entirely separate and irrelevant discussion.

Re:Bad Hacking (0)

Anonymous Coward | more than 4 years ago | (#33155426)

Since we tend to consider people that think like ourselves as intelligent then yes. (Ever heard someone say "Great mind thinks alike."? Wouldn't it be more likely that average minds think alike?
If we run into something that is more intelligent than humans (Assuming that we have not done that yet.) we would probably just think it was stupid just because it didn't reach the same conclusions that we did.
I think you are absolutely correct here. By our current definitions human intelligence is indeed the upper limit.

Re:Bad Hacking (0)

Anonymous Coward | more than 4 years ago | (#33155204)

Because they already knew how to do it. Now you know, and so do the reCAPTCHA folks.

Re:Bad Hacking (4, Insightful)

Flyne (1082975) | more than 4 years ago | (#33155220)

The problem of breaking reCAPTHCA is precisely the same problem as increasing computer OCR abilities, since reCAPTCHA by design uses words which current OCR abilities are inadequate for. This is a good thing for AI and computer vision and text digitization.

Re:Bad Hacking (1)

beothorn (1795956) | more than 4 years ago | (#33155326)

If it can be broken it must be broken.

Re:Bad Hacking (5, Insightful)

sbayless (1310131) | more than 4 years ago | (#33155364)

No one benefits from reCAPTCHA being broken. No one

You couldn't be more wrong. Sure, breaking reCAPTCHA would create a headache for website admins (including me, for example), but in order to break reCAPTCHA someone has to devise a better text recognition program. And that's great news! This is an example of a general side effect of the cat and mouse game that are captchas. Captcha's are a simple form of Turing Test, where website admins are trying to determine who is a computer and who is a real human being. Every time a captcha gets broken, we get a sophisticated new algorithm for doing something that previously only humans could do (or only humans could do well, at least).

Re:Bad Hacking (0)

Anonymous Coward | more than 4 years ago | (#33155578)

Not quite. If someone were to break reCAPTCHA with a nearly perfect success rate, the same algorithms could be very useful for digitizing old books. If reCAPTCHA becomes completely obsolete, this would mean that their work is done and all the old books can be automatically digitized at last.

Readability (1)

pgn674 (995941) | more than 4 years ago | (#33154938)

There's probably an excellent Firefox plugin to render this page's color scheme more bearable.

I like using a Readability bookmarklet in my bookmarks bar: Readability - An Arc90 Lab Experiment [arc90.com]

Now i (0)

Anonymous Coward | more than 4 years ago | (#33155000)

GETCHA

an excellent Firefox plugin: (0)

Anonymous Coward | more than 4 years ago | (#33155022)

Try hitting ctrl-a.

And that, timothy, is the difference between a dork and a geek. You failed the Twit Filter at reCAPTCHA.

So many better ways than recaptcha (0)

gurps_npc (621217) | more than 4 years ago | (#33155178)

The whole point of these tests is to prove you are human by solving a dificult imaging (or audio) identification problem.

There is ZERO reason to use worthless tests like these as opposed to using real identification. That is instead of using computer generated difficult test, use actual pictures of actual 'difficult text' that an OCR agent failed to identify. Each person is given one alread tested sample and one unknown sample. If you get the already tested sample, then your answer is accepted as 'probable' correct for the unknown sample. Three matching probable correct = confirmed as correct, and move the unknown sample to the "already tested" section

There is more than enough written and audio samples that the world would love to see OCR'ed. We don't have to generate fake ones.

Re:So many better ways than recaptcha (1)

sugarmotor (621907) | more than 4 years ago | (#33155240)

You wrote, "There is more than enough written and audio samples that the world would love to see OCR'ed." -- Where do you get those?

Re:So many better ways than recaptcha (0)

Anonymous Coward | more than 4 years ago | (#33155268)

I don't think you understand what reCAPTCHA does...

Re:So many better ways than recaptcha (0)

Anonymous Coward | more than 4 years ago | (#33155282)

You do realize that reCAPTCHA [wikipedia.org] does exactly what you described?

Re:So many better ways than recaptcha (3, Informative)

JesseMcDonald (536341) | more than 4 years ago | (#33155304)

There is ZERO reason to use worthless tests like these as opposed to using real identification. That is instead of using computer generated difficult test, use actual pictures of actual 'difficult text' that an OCR agent failed to identify. Each person is given one alread tested sample and one unknown sample. If you get the already tested sample, then your answer is accepted as 'probable' correct for the unknown sample.

Congratulations, you've just described ReCAPTCHA! This is exactly how the current system works.

Is this related? (4, Interesting)

Khyber (864651) | more than 4 years ago | (#33155290)

Anybody that pays attention to 4chan recently knows they had to implement captcha due to a massive spamflood of infected morons. recaptcha got busted thanks to someone in /g/ who leaked the vulnerability in the sound system for reCAPTCHA, and the whole site was again inundated with spam, though not to the degree as the original spam attack.

How is this 30% accurate??? (3, Insightful)

mwvdlee (775178) | more than 4 years ago | (#33155406)

When it is claimed to be 30% accurate, I'd expect some 30% of all captchas being correcly guessed. Watching the video, I noticed the algorithm gives itself 30-40% scores for getting just one of the two words right or sometimes even for getting the right length and a few correct letters. Didn't watch it to the end, but in the few minutes I watched, ZERO entire captcha's were solved. So that's ZERO% acurate in my book. For instance, actual captcha text "ware readiness", guessed captcha "votarry rehabbed", reported accuracy 38.24%... how the hell is that over 38% accurate? If you had that level of accuracy when trying to get past a captcha (which is pretty much the definition of it being vulnerable, right?), you wouldn't get past a single captcha. it's 30% accurate if it correcly guessed about 3 out of every 10 captcha's, not if it fails every single captcha.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>