Audio CAPTCHAs Cracked; ReCAPTCHA Remains Strong

Falkkin writes "Ars Technica reports that audio CAPTCHAs consisting of only distorted digits or letters can be easy to crack using machine learning techniques. This includes most of the audio CAPTCHAs currently in use on the Web. The reCAPTCHA team has discussed their new audio CAPTCHA, which is resistant to this attack."

Screen capture

[Dan East]

I'm half afraid to admit this publicly, but did anyone else try clicking the "play" button on screenshot of the audio CAPTCHA player in the first article? I took me a few tries before I realized it was only an image.

hell

[nomadic]

I'm a human being and I can't break audio captcha. Sounds like gibberish to me.

Solution to AI research?

[ashp]

They should just make a CAPTCHA that requires strong AI to crack; we could make a great leap ahead in AI by letting the spammers solve all the problems for us!

Re:I'm sick fo CATCHA

[uglydog]

trust me, his mom would be down for that. in fact, she handles multiple requests simultaneously. in the true multiple cores way, not the hyperthreading way

Audio requred by law

[tepples]

In my crystal ball I see some fool who does not turn off the sound on the PC in an office.

By law, offices of companies over a certain size must accommodate people whose disability requires sound to do their jobs.

Unfortunately, history has shown that many people also still have digital camera's that make the *click* noise

By law, camera phones must make the click noise when operated within some countries to help fight voyeurism.

Re:I'm sick fo CATCHA

[Anonymous Coward]

I'm trying to figure out what that translates to, but it's making my head hurt. So hyperthreading means she is "emulating" multiple "interfaces" with just one... Ow.

BTW, CAPTHCA for this post? "Receptor".

Re:hell

[Lobster Quadrille]

Don't know what your problem is- I'm a perl script and I understood it just fine.

Re:Why are CAPTCHAs so stupid?

[bendodge]

Is this why handwriting won't work? Fancy elderly handwriting is especially hard to read. OCR software is rather helpless against it. (I propose hiring retired people to write words sloppily and scan them!)

Re:Audio requred by law

[Ihmhi]

I think forcing everyone who uses a video camera to dress up like a French cheerleader would fall under cruel and unusual punishment.

Re:I'm sick fo CATCHA

[rhizome]

And for your blind users...?

I'm not the poster you're replying to, but I have a guess at how this works.

First off, the blind person can't see, right? So the chances of them viewing source for a random page (or every form page they encounter) is probably pretty miniscule. At least I'll say it's comparable to the rate that sighted people view source as a matter of course in their browsing sessions.

So OK, they aren't just reading the source, finding a hidden form field and wondering why this hasn't been presented to them by their screen reader. They've just been checking news, blogs, posting a comment or two here and there, but nowhere in their Internet Travels have they had to contend with this curious case of a hidden "Subject:" field. What to do?

It turns out the answer is quite simple. That the blind person, much like their sighted counterpart, does not submit a given form with hidden fields filled in pegs them as a curious person indeed. Since the only submissions without the Subject field filled in will be from people who read the source and (for some reason) decided not to fill in the subject line, or people who just don't know about it. Quite the conundrum! Thankfully from the grandparent post, we know that posts with this hidden Subject: field are disposed of, deleted. Wacky, eh? So it seems, and I'm just speculating here, that filling in hidden fields is actually a way...hold on now...to determine that the submitter is not a person. Beyond that, and really

I have no idea how he does this, blind people are not treated any differently in this regard.
I know, right? It took me awhile to figure it out, but I think I at least have the gist of it.

Submit a facial photograph?

[MarkvW]

What if the applicant for access submits a facial photograph along with his/her application information?

(1) Use facial recognition software to decide whether a human picture has been submitted. Deny access to those not submitting a picture of a human. Store the picture. Keep refining the algorithm.

(2) Determine whether the pictured person has been used in a previous attempt to obtain access. If access has been obtained, don't let them create another account unless their present account is terminated. If access has been rejected, then you have a presumptively bad applicant.

(3) Websites could share database information about the rejected pictured-people. This would bring in more data (like time and volume of a single facial picture's use, for example). That additional information could be used to help refine the algorithm.