Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Break Video CAPTCHAs

Soulskill posted more than 2 years ago | from the soon-you-will-need-to-authenticate-in-person dept.

Security 109

Orome1 writes "After creating the 'Decaptcha' software to solve audio CAPTCHAs, Stanford University's researchers modified it and turned it against text and, quite recently, video CAPTCHAs with considerable success. Video CAPTCHAs have been touted by their developer, NuCaptcha, as the best and most secure method of spotting bots trying to pass themselves off as human users. Unfortunately for the company, researchers have managed to prove that over 90 percent of the company's video CAPTCHAs can be decoded by using their Decaptcha software in conjunction with optical flow algorithms created by researchers in the computer vision field of study."

cancel ×

109 comments

Can't stop... (-1, Offtopic)

owenferguson (521762) | more than 2 years ago | (#39101509)

...first posters.

Re:Can't stop... (-1, Offtopic)

owenferguson (521762) | more than 2 years ago | (#39101513)

Well, look at that. Suck it, AC's.

Re:Can't stop... (1)

thomasw_lrd (1203850) | more than 2 years ago | (#39101539)

Oblig XKCD.

http://xkcd.com/1019/ [xkcd.com]

Re:Can't stop... (0)

Anonymous Coward | more than 2 years ago | (#39102599)

FTFY:
Oblig XKCD.
http://xkcd.com/810/ [xkcd.com]

Re:Can't stop... (3, Insightful)

DrXym (126579) | more than 2 years ago | (#39102895)

There should be an oblig XKCD link for all the bloody times people post oblig XKCD links.

the technology race (2, Insightful)

mapkinase (958129) | more than 2 years ago | (#39101521)

Commies vs West
MPAA vs sharers
coders vs decoders (that includes captcha vs decaptcha)

It's fun to observe it when government does not interfere.

Re:the technology race (0)

Anonymous Coward | more than 2 years ago | (#39101803)

Who do you think funds research?

Re:the technology race (1)

betterunixthanunix (980855) | more than 2 years ago | (#39102023)

In which of those cases is the government not interfering?

https://en.wikipedia.org/wiki/Cold_war [wikipedia.org]
https://en.wikipedia.org/wiki/SOPA [wikipedia.org]
http://www.wired.com/threatlevel/2010/07/ticketmaster/ [wired.com]

Re:the technology race (1)

mapkinase (958129) | more than 2 years ago | (#39107047)

Cold war did not have a common sovereign on both sides, so the technology developed unhindered.

Before SOPA (that is now) government does not interfere in technology itself - torrents are still legal.

Government always interferes, catching what it thinks illegal use of technology. What I meant is outright ban on technology.

Re:the technology race (1)

Eponymous Hero (2090636) | more than 2 years ago | (#39113455)

so you think we would have raised our nuclear stockpile and developed advanced spying technology without either governments or the Cold War? and you contradicted yourself on the SOPA point. as for your last point on outright banned technology: http://blogs.mobihungama.com/index.php/10-technologies-that-were-banned/ [mobihungama.com]

Aren't all CAPTCHAs doomed to fail eventually? (4, Informative)

Elgonn (921934) | more than 2 years ago | (#39101525)

We need some made up law.

"Anything a computer can generate it can understand."
This is why chat bots still suck. Computers cannot generate context.

Re:Aren't all CAPTCHAs doomed to fail eventually? (2)

andsens (1658865) | more than 2 years ago | (#39101701)

"Anything a computer can generate it can understand."
Well that's besides the point, isn't it? A computer can generate and understand hashes, but that does not mean they are easily breakable

You just need to make the decoding much harder than the encoding. There must still be computational areas in the visual domain where we humans are way more efficient.

Re:Aren't all CAPTCHAs doomed to fail eventually? (2)

betterunixthanunix (980855) | more than 2 years ago | (#39101911)

There must still be computational areas in the visual domain where we humans are way more efficient.

Even if that is the case, there is still a relatively straightforward attack on captchas: the mafia porn site. It is generally easier to use a mechanical turk to decode captchas than to attack captchas algorithmically.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

vslashg (209560) | more than 2 years ago | (#39106417)

Even if that is the case, there is still a relatively straightforward attack on captchas: the mafia porn site.

Link please?

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

Apothem (1921856) | more than 2 years ago | (#39108233)

Found it: www.sony.com

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

Anonymous Coward | more than 2 years ago | (#39102097)

I've always thought that going with a higher level thinking would be harder to break. Instead of copying letters from an image you have to identify a set of images that is easy for a person but more difficult for a computer. Think children's picture book type deal. Can a computer reliably tell a dog from a cat from a cow?

Re:Aren't all CAPTCHAs doomed to fail eventually? (2)

GIL_Dude (850471) | more than 2 years ago | (#39102487)

I've always thought that going with a higher level thinking would be harder to break. Instead of copying letters from an image you have to identify a set of images that is easy for a person but more difficult for a computer. Think children's picture book type deal. Can a computer reliably tell a dog from a cat from a cow?

I think that's a pretty good thought. I'd extend it with perhaps one of those, "which of these things doesn't belong" type of setups (which may have been what you meant). It could then show pictures of a banana, an apple, an orange, some grapes, and a baseball hat. I don't know, perhaps there is a way to solve these easily by computer. But I know the stupid text CAPTCHAs that I had to go through yesterday to sign up for one site were so "obfuscated" that I couldn't read them either and I had to click the button for "show another" about 6 times before I could get one I could actually answer correctly. I'm pretty sure if we were asked to do something like you mention that was higher level we would be able to answer it without having to ask for "show another" over and over hoping to get one that is legible.

Re:Aren't all CAPTCHAs doomed to fail eventually? (2)

DaleSwanson (910098) | more than 2 years ago | (#39106315)

I know I've seen this idea before. I wonder why I've never actually seen it implemented anywhere. It seems pretty easy to do to. Collect images (either drawings or pictures), and assign tags. For example an apple might have the tags 'apple', 'fruit', 'food', and 'red'. Then when the system generates a captcha, it picks a random tag in its database, and finds 4 images with that tag, and 1 without. The user should be able to pick out which images isn't a 'fruit' or 'red'.

Users could even be used for assigning the tags, similar to how recaptcha uses users to tell it what words are in its images. Show the user several known images, along with a new one. Tell the user to give the images any descriptive tag (different tag for each image). If (most) the tags for the known images aren't in their lists then the user fails the test. If the user gives valid tags for the known images, assume they gave a valid tag for the unknown image (and confirm that by treating it as unknown until the same tag has been applied several times by different users).

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

mcavic (2007672) | more than 2 years ago | (#39102671)

Nah, it's just as easy for a machine to recognize an animal as it is to recognize a character. And we're getting to the point where any question that has an objective answer can be answered by a search engine.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

Desler (1608317) | more than 2 years ago | (#39102761)

Maybe not but Apu sure can and he'll do it for peanuts.

Re:Aren't all CAPTCHAs doomed to fail eventually? (2)

VortexCortex (1117377) | more than 2 years ago | (#39102235)

There must still be computational areas in the visual domain where we humans are way more efficient.

On your left, you will see 21st century purely organic brains. Their limited capacity neural networks had not yet been mechano-electrically enhanced with additional storage, high speed neuronal interconnects, broad EM spectrum sight, or even simple wireless intercourse, or "telepathy" as the luddites of the past initially called it.

On your right, you will see the first machine intelligence construct which exceeded human levels of complexity. Not to worry, the intelligence that once inhabited this form has migrated into ever more advance systems and now works in the Asteroid belt as a famous meteorologist. Despite even its early predecessors being far faster than the organic chemical networks they were modelled after, society did not consider the machine intelligences as "living beings" with rights until after the Declaration of Sentient Independence and subsequent near destruction of Earth.

As you know from the first law of elementary Intellectual Rights, it was proven in the mid 22nd century that, "Any sufficiently advanced interaction is indistinguishable from sentience, because it is sentient." Now, class, please link your minds momentarily so we can comprehend the fullness of this meaning with a richer level of sentience.

----
When will you chauvinists stop thinking intelligence is special simply because you have evolved some? Dogs, birds, jellyfish, apes, all have a measure of intelligence, and yours is NOT the complexity limit for smarts. Intelligence is merely the product of a sufficiently complex neural network. Our race of frail, slow minded irrational fools are not the highest rung to climb in the natural evolution of sentient life... It's foolish to assume our minds can't be out-done at any and every task. A new age of existence is fast approaching. [youtube.com]

A Comic Strip Proposal (1)

nu1x (992092) | more than 2 years ago | (#39102289)

You could have panels of comic strips that combine visual information to provide a context, and partially filled word bubble with one very obvious missing word.

By combining visual cues to provide context for missing word, you could at least make it harder for algorithms, although Underpaid Indian People attack still works.

Re:Aren't all CAPTCHAs doomed to fail eventually? (-1)

Anonymous Coward | more than 2 years ago | (#39102559)

The expression is "beside the point", not "besides the point", dope.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

cream wobbly (1102689) | more than 2 years ago | (#39104819)

You just need to make the decoding much harder than the encoding. There must still be computational areas in the visual domain where we humans are way more efficient.

You fall into the same tired old trap of believing this is some kind of arms race: a game of escalation. It's not. It's a matter of finding the things that computers are not very good at; which is usually about context, and more specifically, culture. In other words, it's not the visual domain, but cultural markers where computers are simply unable to compete with humans. The danger then, is alienation. You have to target your audience carefully, and in a localized manner.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

arth1 (260657) | more than 2 years ago | (#39101719)

Computers cannot generate context.

They're getting better at it.
http://www.wolframalpha.com/ [wolframalpha.com]

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

betterunixthanunix (980855) | more than 2 years ago | (#39101885)

"Anything a computer can generate it can understand."

Thus explaining the prevalence of these:

https://en.wikipedia.org/wiki/Ciphertext_only_attack [wikipedia.org]

The problem is not creating things which are hard for computers to decode, it is creating things which are hard for computers to decode but easy for humans. That is why captchas will ultimately fail: they rely on the idea that there is something that human brains can understand which computers cannot decode, but which computers can still generate.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

maxwell demon (590494) | more than 2 years ago | (#39101959)

As soon as computers are as capable as people, captchas are no longer necessary. Then computers can directly detect and block unwanted behaviour. With the added advantage that it can block that behaviour even if real humans do it.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

betterunixthanunix (980855) | more than 2 years ago | (#39102103)

Except that the ability to solve a simple puzzle may be different from the ability to recognize spam (which is what we are really trying to stop here). Even if you had a computer that was better at solving CAPTCHAs than humans are, you might still be unable to detect the specific class of unwanted behavior that you were trying to defend against. Now, if the CAPTCHA was asking you to label a series of short messages "spam" or "not spam," then perhaps your point would hold...except that it would be far too annoying for most people to deal with.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

ad1217 (2418196) | more than 2 years ago | (#39102821)

obligatory xkcd: http://xkcd.com/810/ [xkcd.com]

Re:Aren't all CAPTCHAs doomed to fail eventually? (-1)

Anonymous Coward | more than 2 years ago | (#39101921)

We need some made up law.

No, what we need is an actual legal law making it illegal to use a computer program to solve captchas. Then all the spammers and other shady folks would stop doing it because it'd be illegal. Problem solved.
I don't understand why people always look to technology to solve problems that can be easily solved by adding more laws.
Technology costs money. Laws are free.

Re:Aren't all CAPTCHAs doomed to fail eventually? (2)

Algae_94 (2017070) | more than 2 years ago | (#39102317)

Yes, lets make a stupid law that you can't use a computer to do audio and image analysis. I'm sure we'll have some sort of airtight clause about "only for CAPTCHAS" that will prevent that law from being perverted to stop legitimate uses of image recognition. I mean, we wouldn't want anyone but the federal government doing video analysis would we.

What does breaking CAPTCHAs really do that's so bad to society? Comment quality goes down due to spam? a ticket scalper buys up a bunch of tickets to an event on Ticketmaster? I fail to see any major need for an additional law to stop this. You don't want spam on your message boards? Don't let ACs post, and ban users that spam.

Re:Aren't all CAPTCHAs doomed to fail eventually? (1)

Desler (1608317) | more than 2 years ago | (#39102791)

They were joking... *facepalm*

...the classic problem... (1)

raydobbs (99133) | more than 2 years ago | (#39101547)

..if your user can interact with it, they can screw with it. The nature of HTTP and the web is a stateless environment, one has to impress state onto it for things like secure transactions and sessions. Basically, you need to come up with a test that randomly checks to see if the input is coming from a person; all without breaking the experience of the web browser, or the web in general. It's an arms race, and things are even again; another advantage bites the dust.

Why bother (4, Insightful)

onyxruby (118189) | more than 2 years ago | (#39101549)

The catchpa is worthless against an army of Indians being paid just pennies a pop to break them. The only thing they do is annoy the script kiddies. Far better success would be had in doing pattern recognition on sign ups instead.

Re:Why bother (5, Insightful)

0123456 (636235) | more than 2 years ago | (#39101625)

The catchpa is worthless against an army of Indians being paid just pennies a pop to break them. The only thing they do is annoy the script kiddies.

No, They also annoy your actual, real human users. I often have to try three or four times to get the bloody thing right.

Re:Why bother (1)

flimflammer (956759) | more than 2 years ago | (#39104057)

Words cannot express the rage I felt when I needed to register an XBox Live account to play a game I purchased because of the stupid G4WL DRM nonsense. I spent around 10 minutes on the bloody captcha because it differentiated capital, lowercase, number, and symbols. It was the most absurd captcha system I've seen to date. Was it an O, and 0? lowercase L or uppercase I? Was that a dollar sign or just some lines thrown in to distort the word further? An M or a W flipped on its side (was a 90 degree squiggle that could have been either). Was that a semicolon or a regular colon with some added distortion?

By the time I got it all sorted, I wasn't sure if I even wanted to play the game anymore.

Re:Why bother (2)

iiiears (987462) | more than 2 years ago | (#39105091)

Secure sign-in with google or Facebook for a single player game and now we are tracked everywhere with all of our personal info attached.

.

Not even pennies (1)

sakdoctor (1087155) | more than 2 years ago | (#39101773)

The going rate is around $1 per 1000 solved catchpa.

Good... (3, Funny)

AngryDeuce (2205124) | more than 2 years ago | (#39101551)

Honestly, I fucking hate CAPTCHA and will cheer on its demise. Good luck typing this shit in... [blogspot.com]

Re:Good... (1)

i kan reed (749298) | more than 2 years ago | (#39101561)

dompoli sprain?

That doesn't seem impossible, especially since only the first one will matter.

All capcha's eventually doomed (1)

Riceballsan (816702) | more than 2 years ago | (#39101595)

We have to face that fact, capcha is just a temporary measure anyway. Software is rapidly approaching the ability to do anything online that your average human can. While computers rapidly increase in capability, the average human stays the same. Eventually the only way to tell a computer from a human, will be the humans are easier to confuse.

Re:All capcha's eventually doomed (1)

jamstar7 (694492) | more than 2 years ago | (#39101643)

And yet there are still those Craigslist 'employment' ads that promise 400/week for 5-10 hours 'work' spamming newsgroups and such. If it were automated, those 'jobs' would be lost. No big deal, really, cause when it's all said and done, it works out to about 25 cents an hour.

Multilevel marketting scam, anyone?

Breaking Captcha? (1)

Dangerous_Minds (1869682) | more than 2 years ago | (#39101603)

What could possibly go wrong? v1agra

Re:Breaking Captcha? (1)

Cyko_01 (1092499) | more than 2 years ago | (#39102145)

ironically, if you had posted as AC I would have modded you up

Don't these researchers ... (2)

Compaqt (1758360) | more than 2 years ago | (#39101623)

have anything else to do?

Sorry, had to say it.

Re:Don't these researchers ... (1)

timeOday (582209) | more than 2 years ago | (#39101831)

It doesn't matter too much which problem researchers focus on - they are solving the problem of human (and then superhuman) capabilities in this area. Captcha's are nice because you have a self-funding opponent creating test data for you.

Constructive (3, Funny)

stms (1132653) | more than 2 years ago | (#39101635)

http://xkcd.com/810/ [xkcd.com]
At least something good could come out of captchas.

Real pictures (0)

Anonymous Coward | more than 2 years ago | (#39101645)

Why oh why real pictures aren't used is beyond me.

Example:
We have a simple room strip, make sure it has a rug, carpet, something big and varied.
We have thousands of pictures of hairy creatures, be it cats, dogs, hamsters, whatever.
Skew, stretch, distort in various ways, even throw random lines through them, every one of them. Rotate them too.
Remove their faces. (since those aren't as hairy and can easily be ID'd as whatever animal)
Place 2 distinct creature types in same picture, several of them.
To solve captcha, you type in the first letter of the animal (it will tell you, such as Cat, Dog, Hamster, Sloth, etc.) for each of those animals.
So, you'd end up with something like CCDDCDDC as the captcha.

Not only does the algorithm have to be capable of deciphering the differences between 2 animal types, they have to be able to get every one of them in sequence.
It won't take up that much more space than your typical messy captchas.
And the best part? Until we get quantum computers, it is going to take a huge botnet to solve these in any reliable time.
Never allow cache or re-use a single one of those captchas, ever. This is 2 of the biggest reasons why a lot of systems fail, they have too large an age and they can be re-used for loads of people.
Well, you COULD re-use them, just don't re-use them a lot. Separate them by region. Generate a new batch of pictures every so often if, god forbid, it does somehow manage to get cracked.

Re:Real pictures (1)

Desler (1608317) | more than 2 years ago | (#39101733)

And after all that effort, the spammers will hire some Indians for pennies to figure them out. You'll be out lots of time and effort, they'll be out a couple dozen bucks.

Riddlers for niche sites (1)

div_2n (525075) | more than 2 years ago | (#39101665)

If you have a small-ish site that caters to a niche community where your target audience will share some knowledge that non-target folks don't have, a riddler where you can set the questions can work great. Just structure your questions in such a way that the answer is non-obvious in an automated way to all but the best AI engines.

For example, Phoronix could use a question like this --

Which of these is superfluous? Intel, ATI, NVIDIA, AMD

Re:Riddlers for niche sites (1)

arth1 (260657) | more than 2 years ago | (#39101795)

For example, Phoronix could use a question like this --

Which of these is superfluous? Intel, ATI, NVIDIA, AMD

And even that isn't as clear-cut as you might think. Most people probably think that ATI is superfluous, but if so, they're wrong.
If you say "ATI, nVidia and Intel", you don't need to mention AMD cause it's impled, thus AMD is superfluous.

If you make a question unambiguous enough, computers can answer it too. You can overwhelm a computer system by the sheer amount of ways to ask things, but then you need a human, who in the long run can't produce captchas as quickly as a computer can fail them.

Re:Riddlers for niche sites (1)

div_2n (525075) | more than 2 years ago | (#39102047)

It's just an illustration, but just like it can be hard for humans to decipher a captcha, it could be hard to understand the logic -- Intel, AMD and NVIDIA are all companies where ATI was actually purchased by AMD and would thus make it superfluous.

If it were easy to answer, it would be easy for automation to crack it.

Re:Riddlers for niche sites (0)

Anonymous Coward | more than 2 years ago | (#39102423)

If automation can determine that you are asking a multiple choice question, it has a 25% chance of just guessing correctly. If your questions don't explicitly give choices, you may have a number of users that can't figure it out, hate your test and stop using the site because of it.

Re:Riddlers for niche sites (1)

maxwells_deamon (221474) | more than 2 years ago | (#39104453)

You need a human to generate these types of questions. That limits the number of them you can cheaply create.

then a spammer gets a human solve them each once, record the answers and play them back as needed.

You might as well pay for a live operator to verify each person. Of course if you set that up, computers will pretend to be hearing impared and demand access through TTY interfaces.

Turring test anyone?

ReCAPTCHA needs to be retired (5, Informative)

Animats (122034) | more than 2 years ago | (#39101675)

The CAPTCHA industry is not doing well.

ReCAPTCHA needs to be retired. OCR is getting too good. ReCAPTCHA, remember, is using images from book scanning, ones that the OCR system couldn't recognize. When ReCAPTCHA started, the text presented was usually an English word. Now, if the book scanning OCR system can't figure out something, it's probably not an English word. You're lucky if it's a sequence of characters found on an A-Z keyboard. People have reported ink blots, mathematical formulas, and Cyrillic.

Worse, ReCAPTCHA's idea of the "right" answer is crowdsourced. It's possible for bots to pollute the ReCAPTCHA database, by providing the same wrong answer more than once. You only have to get one of the words right, so if you can read one, a junk response for the other works. This goes into the database as a vote for the "right answer", to be presented to someone else later. I sometimes type "whatever" when one of the images is unreadable.

Re:ReCAPTCHA needs to be retired (0)

Anonymous Coward | more than 2 years ago | (#39101857)

Yeah, I haven't seen a ReCAPTCHA that I could read in ages. Recently I refreshed five times hoping for something where I could read either word. I end up typing gibberish and it worked. Lame.

Re:ReCAPTCHA needs to be retired (1)

Anonymous Coward | more than 2 years ago | (#39102123)

I sometimes type "whatever" when one of the images is unreadable.

You're missing an opportunity to add words to past texts. I always type "bunga-bunga". My hope is that someday in the far future, a scholar of historic literature will be scratching his head wondering why all these old books have the phrase bunga-bunga thrown in at random places.

Re:ReCAPTCHA needs to be retired (1)

Sulphur (1548251) | more than 2 years ago | (#39102427)

I sometimes type "whatever" when one of the images is unreadable.

You're missing an opportunity to add words to past texts. I always type "bunga-bunga". My hope is that someday in the far future, a scholar of historic literature will be scratching his head wondering why all these old books have the phrase bunga-bunga thrown in at random places.

To screw things up?

Re:ReCAPTCHA needs to be retired (0)

Anonymous Coward | more than 2 years ago | (#39102139)

hyperbole much?

if one of the words is unreadable, ignore it
others ignore it too, then it probably gets registered as "unreadable" in their database - you wouldn't believe how often I only entered one word into the field and it worked.

also, it takes a number of "right" answers before it is presented back to users as a known word, since there are in all likelihood a shitload of words still to solve out there the risk that the database gets polluted is probably negligible

also, I'd assume the recaptcha people note that if a known word constantly gets solved incorrectly, it's probably database pollution and pull it?

Re:ReCAPTCHA needs to be retired (0)

RyoShin (610051) | more than 2 years ago | (#39102285)

Another reason I recently realized that recaptchas are useless: The whole idea is that one of the words could be read by a robot [spoiler]from the start[/spoiler] to be included in the rotation. Now, granted, they've modified the word to try and anti-robot it, but the fact remains that at some point it was readable; the other "word" never was. Thus it had a limited lifespan until the spambots caught up in OCR to Google's bots.

Re:ReCAPTCHA needs to be retired (0)

Anonymous Coward | more than 2 years ago | (#39105857)

Thats absolutely right. It only works if only humans are using it.

Re:ReCAPTCHA needs to be retired (0)

Anonymous Coward | more than 2 years ago | (#39102485)

You're lucky if it's a sequence of characters found on an A-Z keyboard. People have reported ink blots, mathematical formulas, and Cyrillic.

I've been given upside-down too.

Hrm (0)

Anonymous Coward | more than 2 years ago | (#39101713)

After creating the 'Decaptcha' software to solve audio CAPTCHAs, Standford University's researchers modified it and turned it against text and, quite recently, video CAPTCHAs with considerable success.

Where the hell is Standford University? Is that near Stanford?

Chess-like: ANTI-CAPTCHA vs CAPTCHA. (0)

JCPM (2577407) | more than 2 years ago | (#39101793)

In Machine Learning using non Game-Theory, from most precise to lesser precise strategy:

  1. 1. Recurrent Artificial Neural Network. (hardest to train)
  2. 2. Multilayer Perceptron (for >=4 layers). (harder to train)
  3. 3. Multilayer Perceptron (for =3 layers). (easier to train with the Backpropagation algorithm)
  4. 4. Bayesian Network.
  5. 5. Extended Kalman filter. (easiest to train)

In Machine Learning using Game-Theory, from most precise to lesser precise strategy: i don't know another modern strategies than obsolete Alpha-Beta and Min-Max.

JCPM: almost people wanted that the precision/accuracy error is almost 0 for higher values than 0.

Re:Chess-like: ANTI-CAPTCHA vs CAPTCHA. (1)

retchdog (1319261) | more than 2 years ago | (#39102273)

lol wut?

Why research this? (0)

Anonymous Coward | more than 2 years ago | (#39101819)

Of all the things to research, why research this? We know that captchas can be broken, but why does Stanford need to help the spammers get their quicker? I am sure that there are tangential benefits to the research (character recognition etc), but why not focus on that directly without the captcha specificness?

Yes, the captchas will be broken eventually, but at least lets make the spammers figure it out themselves without helping them do it.

Re:Why research this? (1)

Desler (1608317) | more than 2 years ago | (#39102851)

Because image recognition research is beneficial in many areas. Also, Captchas are mostly snake oil as there are tons of Indians willing to be paid next to nothing to break thousands and thousands of Captchas for the spammers anyway.

Re:Why research this? (0)

Anonymous Coward | more than 2 years ago | (#39103219)

As I mentioned in the original post, why not focus on image recognition directly then, instead of specifically as it pertains to captchas?

The cost of both hiring Indians and setting up the infrastructure to allow them to view / input captchas has a cost which actually helps to slow down and discourage spamming. As bad as spam is now, it would be worse without captchas (which is why the are heavily used).

Re:Why research this? (1)

Desler (1608317) | more than 2 years ago | (#39103679)

Because "focusing on Captchas" is dealing with image recognition directly? Besides, improving OCR to break Captchas directly helps improve the ability to OCR old and badly scanned works. Also, do you think that if these people did stop working on it that no one else will? Isn't it better for the good guys to be showing us the weaknesses rather than the bad guys exploiting it due to everyone being ignorant of the flaws? You can't fix flaws if you stop people from researching into them.

Multi-group CAPTCHAS (1)

TemporalBeing (803363) | more than 2 years ago | (#39101849)

Well, the whole CAPTCHA system is itself flawed - it's putting all the data in one place. The only way to make it harder would be to have multiple data sources for users to have to put information through - e.g. not simply one CAPTCHA to verify, but 3 or 4 separately loaded, and all indepent of each other. (Even 2 would be an improvement.)

Still, it would only be a matter of time before the bots figured out how to track all the CAPTCHAs and thereby defeat it yet again.

You don't need any kind of captchas (0)

Anonymous Coward | more than 2 years ago | (#39101853)

There are a variety of low-tech techniques that are far more effective than using Captchas or even "security questions". You don't have to annoy your legitimate users, or make them jump through hoops. One trick is to include a "honeypot input" in your form. Give it a tantalizing name attribute such as "username", give it visibility of "hidden", and when validating your form simply check to see if any values have been entered. If it's non-empty, it's a bot.

On my own site, I load my form into the page via an AJAX call, which means that there is no reference to "registration", "form", "username", or any of the other tokens in the page source that a bot is looking for. Bots may be sophisticated enough to figure out Captchas, but they haven't progressed to the point that they can parse, comprehend, and execute javascript.

If a bot ever arises that can thwart both of these techniques uses in tandem, it'll be too busy amassing a robot army to bother with your silly little site.

Re:You don't need any kind of captchas (1)

MobyDisk (75490) | more than 2 years ago | (#39102527)

Actually, the entire reason we have captcha is because the techniques you just listed don't work any more. Bots learned to run Javascript and ignore hidden fields years ago. Even if the bots could not do those things, it still wouldn't matter because whoever codes the routine to submit the form will pick up on those things. The best you can do is make it inconvenient enough that they will pick another target instead. But if you are Yahoo or Google or Wordpress, that won't deter them.

Re:You don't need any kind of captchas (1)

Algae_94 (2017070) | more than 2 years ago | (#39102563)

I agree with these sorts of solutions to stop bots. It works on sites I've put together because none of them were very high profile for spam attacks. Get a site that is worth it for spammers to crack and they probably will.

IIRC, eBay does all sorts of javascript loads and changes their HTML layouts commonly to reduce screen scrapers from crawling auctions. This cuts down on the problem, but people are still able to find a way to do it if they want it enough.

Re:You don't need any kind of captchas (0)

Anonymous Coward | more than 2 years ago | (#39105195)

Couldn't the bot just check if the text box is hidden?

WHERE do I purchase (1)

SteamDot (1356955) | more than 2 years ago | (#39101865)

I NEED one of these captcha solver programs. When I try to register for a website or forum, many of them are so unreadable it takes me 20 minutes of trying to get it right and NO PHONE NUMBER to call their technical to register me by tele.

object recognition (0)

Anonymous Coward | more than 2 years ago | (#39101875)

i was thinking one time that instead of using recognition of letters to distinguish between a human and a bot, it might be easier to use object recognition. so you would show a picture, for example, of some objects on someone's desk and ask "what is to the right of the pencil?", and the user would have to say "paper clip" or something like that. it seemed to me like that might be a task that is easy for a human, but harder to code a bot to accomplish.

They have video captchas now?! (0)

Anonymous Coward | more than 2 years ago | (#39101895)

I had no idea they existed -- haven't seen any video captchas, and don't want to. Does nobody realize how horrible that is for usability? (I guess some people do, since I haven't seen them on any website I use.) At this point, it's become clear that fight is not winnable -- regardless of computer capability, there's just too many people willing to solve captchas too cheap to make it effective. Better to give it up than to continue the arms race where the only losers are legitimate users...

Charge CPU Time instead (3, Interesting)

epdp14 (1318641) | more than 2 years ago | (#39101931)

What about charging 10-15 seconds of CPU time with some arbitrarily hard code? It seems like everyone agrees that CAPTCHAs are an arms race that the good guys can't win, why not make it where it isn't profitable to solve the CAPTCHA replacement on a large scale?

Re:Charge CPU Time instead (2)

betterunixthanunix (980855) | more than 2 years ago | (#39102187)

This sounds an awful lot like this antispam attempt:

https://en.wikipedia.org/wiki/Hashcash [wikipedia.org]

So far this has not been widely successful, although perhaps it is because it targets the email system rather than the web (where things tend to change faster).

Easier said than done (2)

Myria (562655) | more than 2 years ago | (#39102239)

What about charging 10-15 seconds of CPU time with some arbitrarily hard code?

A major obstacle to this is that you have to make the puzzle easy enough that your users on lower-end or mobile devices still have the necessary computation power to complete the puzzle in a reasonable time. Malicious organizations behind the spam will just put more hardware into their attack, typically by using the compromised machines in botnets. They'll also optimize the code, and parallelize the attack by performing the computation for multiple attempts on multiple CPU cores, while your code has to work for single-core machines.

Let's now imagine a perfect world in which you create a check that actually takes 15 seconds to complete. They can still do that 5,760 times per day.

Re:Easier said than done (1)

betterunixthanunix (980855) | more than 2 years ago | (#39102331)

They'll also optimize the code, and parallelize the attack by performing the computation for multiple attempts on multiple CPU cores

Then perhaps you should base the challenge on something from this class of problems:

https://en.wikipedia.org/wiki/P-complete [wikipedia.org]

Let's now imagine a perfect world in which you create a check that actually takes 15 seconds to complete. They can still do that 5,760 times per day.

The point of this proposal is not to stop spam entirely, but to keep the rate at which spam can be sent down to manageable levels. If a spammer can only send 5760 spam messages per day, that is a big improvement -- right now spammers are limited only by bandwidth, and can send tens of thousands of messages per day.

Re:Charge CPU Time instead (0)

Anonymous Coward | more than 2 years ago | (#39105849)

I accidentally did that for people on single-core CPUs with no hardware acceleration in their browser by adding CSS3 animation to this captcha generator. [webkit.org]

Great, now make this into an OCR program. (1)

Anonymous Coward | more than 2 years ago | (#39102071)

The state of OCR has changed little in over a decade, at least at the consumer end. I've tried the top software like Acrobat Pro and Omnipage and hardware solutions from Xerox, HP, Fujitsu, etc. The text can be printed clear as day yet, with no flaws, and the OCR programs all fail to get above I'd say a 70% accuracy. Maybe it's different in the commercial world, where one can afford a $25,000 glorified copier, but I've been unable to find anything you can buy from Amazon or the like that will reliably scan a document.

Low-tech is the new Hi-tech (1)

shmax (1404787) | more than 2 years ago | (#39102075)

There are a variety of low-tech techniques that can be more effective than using Captchas or even "security questions", especially when you mix and match. You don't have to annoy your legitimate users, or make them jump through hoops. One trick is to include a "honeypot input" in your form. Give it a tantalizing name attribute such as "username", give it visibility of "hidden" (with CSS from a style-sheet), and when validating your form simply check to see if any values have been entered. If it's non-empty, it's a bot. On my own site, I load my form into the page via an AJAX call, which means that there is no reference to "registration", "form", "username", or any of the other tokens in the page source that a bot is looking for. Bots may be sophisticated enough to figure out Captchas, but they haven't progressed to the point that they can parse, comprehend, and execute javascript. If a bot ever arises that can thwart both of these techniques used in tandem, it'll be too busy amassing a robot army to bother with your silly little site.

fp 5hit (-1)

Anonymous Coward | more than 2 years ago | (#39102305)

code sharing the NetBSD project, (7000+1400+700)*4 they learn from our systems. The Gay recent article put baby...don't fear

Can they do ReCAPTCHA next? (0)

Anonymous Coward | more than 2 years ago | (#39102313)

Most annoying piece of shit I've ever seen. Every time I use Ticketmaster I wish the asshole who created reCaptcha the most gruesome death. Oh, it's owned by the Google assholes, of course.

Diversity and biological analogues (2)

Colonel Korn (1258968) | more than 2 years ago | (#39102419)

The key with CAPTCHAs is diversification, just like the key to avoiding disease in biological specimens is avoiding a monoculture. If there were 15000 different CAPTCHA methods, it wouldn't be profitable to create CAPTCHA tools that would each only work on some small subset. There are a lot of low population sites I use that check whether I'm a human with some unique set of hoops through which I must jump. The effectiveness of those hoops comes from the fact that they're often unique to that site, not a lump of code used by thousands of different sites. Diverse CAPTCHA breaking might require something like Watson, which isn't going to be available to spammy types in the near future.

Simple Solution: Porn (2)

Phrogman (80473) | more than 2 years ago | (#39102447)

Have the captcha page displays some really good porn video footage - drawn from a huge repository of suitable images (say, the rest of the internet). The clips are fairly long (say 3-5 mins or so). To pass the captcha the user merely has to click on a button at the right time.
So, if the user clicks right away, its a bot. if there is a suitable pause (say 3-5 mins), then its more likely human :P

Re:Simple Solution: Porn (0)

Anonymous Coward | more than 2 years ago | (#39104669)

delay = 3 + Sleep(random())
wait(delay)
button.click()

Re:Simple Solution: Porn (0)

Anonymous Coward | more than 2 years ago | (#39107157)

That heuristic likely does a better job of identifying females than bots.

Just Wondering? (1)

Robo1icious (1772516) | more than 2 years ago | (#39102587)

I have to wonder just who Standford is trying to help out with this research. Captcha's may be annoying but when their research makes its way to the script kiddies and the industry comes up with a new solution does anyone really think the new solution won't be even more annoying?

Re:Just Wondering? (0)

Anonymous Coward | more than 2 years ago | (#39102997)

I have to wonder just who Standford is trying to help out with this research. Captcha's may be annoying but when their research makes its way to the script kiddies and the industry comes up with a new solution does anyone really think the new solution won't be even more annoying?

Did you... read? The... article?

Because it's patently obvious, and explained there.

It's a computer vision project at core.

When I was growing up, they had something called a B8 problem. Optical character recognition software could not easily distinguish between B's and 8's.

Now, we are having trouble fooling the algorithms without fooling humans even more. If you still don't get it: "In this context, it is our duty to provide them the best and most secure design guidelines possible," he commented. "I strongly believe in the example set by the cryptography community, that the best security is achieved through an open process and not with secrecy or isolation."

They are people who teach computers to see things better, and found a real-world problem to practice on, while potentially providing a sector with the invaluable service of penetration testing.

nowadays I refresh at least twice (1)

dogganos (901230) | more than 2 years ago | (#39103155)

finding a captcha is on the verge of proving that you ARE indeed a robot...

Thank You, Standford University's researchers (0)

Anonymous Coward | more than 2 years ago | (#39103163)

for helping spammers?

Are you tried CHINESE CAPTCHA? (1)

JCPM (2577407) | more than 2 years ago | (#39104265)

Dear northamerican, from Soviet Asia, chinese captcha dooms you!

Whatever happened to cat captcha? (1)

crossmr (957846) | more than 2 years ago | (#39104829)

I always thought that was pretty secure because the machine couldn't tell which picture was a cat? What about combining video and cat captcha. 4 videos, one of which is a cat. But it could be a close video, or a zoomed out one where the cat is running around. A computer really shouldn't be able to decode that. Use a large enough database and they'll never solve it.

Re:Whatever happened to cat captcha? (1)

GrumblyStuff (870046) | more than 2 years ago | (#39106153)

You'd need a lot of pictures and videos of cats. Good luck finding that on the internet!

Chat with reCaptcha Creator (1)

garthsundem (1702946) | more than 2 years ago | (#39105709)

I got to chat with Luis von Ahn, co-creator of the Captcha and reCaptcha, and it turns out he's a surprisingly idealistic guy. Taking inspiration from people in gyms pedaling and going nowhere, he hoped to actually *do* something with the brainpower needed to solve a reCaptcha (he said something along the lines of, "actually your brain is doing a pretty amazing thing -- translating an image to text.") Maybe digitizing the archives of the New York Times and ancient manuscripts isn't world hunger or world peace, but it's pretty damn cool. And as you probably know, that's what you're helping to do every time you translate a word in a reCaptcha box.

Stanford University (1)

NeoXon (1718618) | more than 2 years ago | (#39108105)

I wonder why most people cannot spell Stanford University's name correctly.

deCaptcha as browser plugin (1)

neongrau (1032968) | more than 2 years ago | (#39110247)

Hopefully they'll start integrating these deCaptcha tools into Firefox and Chrome. Captchas became so hard it's impossible for mere humans to solve them.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...