Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
The Internet Security

Evolution of the 'Captcha' 383

Posted by CmdrTaco from the why-can't-i-even-read-them-half-the-time dept.
FireballX301 writes "The New York Times is running an article about the small word puzzles various sites use in order to defeat automated script registration while still letting humans through. It seems many people can't actually solve them anymore, so new alternatives (image recognition) are being created. This, of course, seems breakable as well — is there a feasible alternative to the captcha, or are we stuck jumping through more and more hoops to register at places?"
This discussion has been archived. No new comments can be posted.

Evolution of the 'Captcha' More

Evolution of the 'Captcha'

Comments Filter:

  • the hell with registration (Score:1, Informative)

    by Anonymous Coward on Monday June 11, 2007 @08:55AM (#19464091)
    use http://www.bugmenot.com./ [www.bugmenot.com]

  • audio captcha (Score:3, Informative)

    by weighn ( 578357 ) <.moc.liamg. .ta. .nhgiew.> on Monday June 11, 2007 @09:01AM (#19464153) Homepage

    Especially with provisions of Section 508 [wikipedia.org] and the ADA [wikipedia.org] (and foreign counterparts) that ban discrimination against blind people, who use computers through screen readers that render text as speech or braille.
    some sites are including an audio option.
    examples are here [captcha.net] (under Guidelines > Accessibility) and here [accessibilityblog.com]

  • Re:Stop testing the Humans, test the Robots (Score:1, Informative)

    by Anonymous Coward on Monday June 11, 2007 @09:12AM (#19464261)
    This works unless you're talking about a popular open source project in which case it is trivial for the spambots to be coded around it.

  • Re:Stop testing the Humans, test the Robots (Score:5, Informative)

    by Kijori ( 897770 ) <ward,jake&gmail,com> on Monday June 11, 2007 @10:09AM (#19464881)
    The problem is that the solutions are being coded for individual sites not one size fits all. A custom solution would have no problem with that system at all.

  • Re:Knowledge tests... (Score:3, Informative)

    by lazlo ( 15906 ) on Monday June 11, 2007 @10:16AM (#19464975) Homepage
    You know, as a security sort of person, I tend to agree in principle. I do, however, find it fascinating how principle and reality don't quite line up all that often. A case in point, one of the blogs I read fairly regularly uses captchas. He doesn't really obscure it too much, and it's always the same 3 character string, related to the name of the site. Any spammer who actually posted more than once could easily figure it out. So far, none have. He wrote about his experiences with this here. [shamusyoung.com] So maybe captchas don't need to be all that complex...

  • Re:Alternative? (Score:3, Informative)

    by Mr2cents ( 323101 ) on Monday June 11, 2007 @10:18AM (#19464993)

    Now, with only 4 images, you have 1+1+4+4+6+6 = 22 different possible outcomes, while having the problem remain trivially easy for a human.
    Each image either shows or doesn't show a cat, so that are two possibilities. With 4 images that makes 2^4 = 16 possibilities. I don't know where you got "1+1+4+4+6+6" from, but it doesn't make any sense to me.

    (Or maybe I misinterpreted).

  • Re:Knowledge tests... (Score:3, Informative)

    by TodMinuit ( 1026042 ) <todminuit@@@gmail...com> on Monday June 11, 2007 @11:00AM (#19465561)
    You can get away with that if you're a little site. But if you're Google, or Slashdot, or Facebook, then it'll last about two days.

  • Re:Captcha effectiveness isn't related to difficul (Score:3, Informative)

    by Samrobb ( 12731 ) on Monday June 11, 2007 @12:12PM (#19466541) Journal

    Custom solutions tend to work. At least for some time. For popular OSS project this is usually not an option and not all users of the popular OSS software are capable or willing to write a custom solution.

    If you read Shamus' blog post, he's not using a custom solution - he's using a standard Wordpress plugin that is configured to only offer up a single captcha phrase. Presumably, if he were to run into issues with using just the single phrase, he could update his configuration to use additional captcha phrases, without having to do any custom development.

  • Re:Stop testing the Humans, test the Robots (Score:4, Informative)

    by CodeBuster ( 516420 ) on Monday June 11, 2007 @02:28PM (#19468153)
    It would be a VERY intelligent script that could COMPREHEND the purpose of any particular html input field.

    Not really, considering that most of these scripts are targeted at large sites (yahoo, hotmail, etc) OR common site frameworks (PhpNuke, Drupal, Blogger, etc) where common hidden field input patterns would very quickly be tested and coded around by the script writers. The whole point of CAPTCHA in the first place was that it presented a random and dynamic test which was easy enough for users to solve (at least in theory) while hard enough to foil simple analysis by script. This might work on a small custom website where it is not worth the trouble of the script writers to code a version specifically for the hidden input pattern of your site, but this hidden field stuff was tried and failed on big sites even before CAPTCHA was in common use.

Slashdot Top Deals

Today is a good day for information-gathering. Read someone else's mail file.

Close