Now Even Photo CAPTCHAs Have Been Cracked
MoonUnit writes "Technology Review has an interesting article about the way CAPTCHAs are fueling AI research. Following recent news about various textual CAPTCHAs being cracked, the article notes that a researcher at Palo Alto Research Center has now found a way to crack photo-based CAPTCHAs too. Most approaches are based on statistical learning, however, so Luis von Ahn (one of the inventors of the CAPTCHA) says it is usually possible to make a CAPTCHA more difficult to break by making a few simple changes."
Re:CAPTCHAs kick-start Singularity (Score:3, Informative)
Sounds like the premise to /usr/bin/god [wikipedia.org] to me.
Re:I don't get it (Score:3, Informative)
If I read the article and summary correctly, it's exactly the sort of CAPTCHA you're suggesting that people have found a reasonably-good solution to.
Unfortunately, often these solutions aren't actually useful AI solutions.
Re:I don't get it (Score:3, Informative)
Yeah, that's solved [google.com]. It's not hard at all for automated parsing software to call another online tool.
Re:Not a security feature (Score:3, Informative)
Wrong. Most sites with CAPTCHAs are trying to keep out automated systems because they are abusive. But this is not "security" any more than banning abusive human posters is "security".
Re:I don't get it (Score:3, Informative)
To detect humans, wouldn't it be easier and less costly, and perhaps even more effective, to hold a large database of questions that are readable and solvable only by humans?
I guess the question becomes how large is large. If you reuse tests too much then the spammers will just build their own database of solutions.
Using a database of non-computer-created challenges is a good idea, but there needs to be a system for keeping that database topped up. reCAPTCHA, for example, picks out words from old books that their OCR software fails on and uses them to test your users.
Normally they give the user two words, one for which they know the answer already (that is, at least two people have given the same answer for it) and one they don't. But if they see failures from an IP, they switch to giving the user two words that they know the answer for already.
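The control-word scheme described in the comment above, as an added Python sketch that is not part of the original thread and is not reCAPTCHA's code. The names `WordPool` and `PROMOTE_AT`, the image ids and the IP addresses are constructed for illustration, and it assumes a guess for the unknown word is only counted when the control word was typed correctly.

```python
import random
from collections import Counter, defaultdict

PROMOTE_AT = 2  # matching answers before an unknown word becomes a control word


class WordPool:
    def __init__(self, known, unknown, seed=0):
        self.known = dict(known)           # image id -> verified text
        self.unknown = set(unknown)        # image ids the OCR failed on
        self.votes = defaultdict(Counter)  # image id -> tally of typed answers
        self.failed_ips = set()
        self.rng = random.Random(seed)

    def issue(self, ip):
        """Return (control_ids, unknown_id); unknown_id is None for suspect IPs."""
        known_ids = sorted(self.known)
        if ip in self.failed_ips or not self.unknown:
            return self.rng.sample(known_ids, 2), None
        return [self.rng.choice(known_ids)], self.rng.choice(sorted(self.unknown))

    def check(self, ip, controls, unknown_id, answers):
        """Pass/fail depends only on the control words; answers maps id -> text."""
        typed = {k: v.strip().lower() for k, v in answers.items()}
        if any(typed.get(c) != self.known[c] for c in controls):
            self.failed_ips.add(ip)  # later challenges for this IP are all-control
            return False
        guess = typed.get(unknown_id)
        if guess and unknown_id in self.unknown:
            self.votes[unknown_id][guess] += 1
            if self.votes[unknown_id][guess] >= PROMOTE_AT:
                self.known[unknown_id] = guess  # consensus reached: promote
                self.unknown.discard(unknown_id)
        return True


if __name__ == "__main__":
    pool = WordPool({"img1": "harbour", "img2": "quill"}, {"img9"})  # constructed
    for ip in ("198.51.100.7", "198.51.100.8"):
        controls, unk = pool.issue(ip)
        pool.check(ip, controls, unk, {controls[0]: pool.known[controls[0]], unk: "Mizzen"})
    print(pool.known)  # img9 has been promoted after two matching answers
```

Because a client that fails a control word gets no unknown word afterwards, it can neither learn which word is unverified nor feed bad answers into the tally.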