3D-Based CAPTCHAs Become a Reality 192
mateuscb writes "A new way of creating a CAPTCHA using 3D objects has become a reality. The idea was thought up independently by blogger Taylor Hayward and by the folks at YUNiTi.com. 'Similar to Hayward's idea, this new technology relies on our ability to identify objects in 3D instead of using alphanumeric characters. YUNiti's 3D Captcha, however, has three objects in the challenge and extends the list of images to any object, not limiting it to animals as in Hayward's idea. This increases the challenge's level of complication to prevent computers from successfully making the correct guesses.' I, for one, welcome the thought of not having to read more and more complex CAPTCHA. Lately, I've been having a hard time getting CAPTCHA to work the first time."
Re:Humans can defeat humans (Score:5, Interesting)
It's much worse than that. Put up a porn site. Use free content. Have a "Solve captcha to get free pics!" blocker.
Now, grab a captcha you want to break, show to pornaholics, get solution, pass it back to the original site.
Perfectly unbeatable captcha solving, for virtually free, and totally automated.
Feh.
object recognition (Score:3, Interesting)
I dunno, there has been quite a bit of research done with image/object recognition. You could break this by not matching pictures directly but by seeing that the first one is a bunny (so look for a bunny in the list), the second one is a hammer, etc...
Re:Easy to defeat (Score:4, Interesting)
They were all pretty easy except for the toilet. I assume it's the lower left one in the grid, but I had to work it out by elimination.
Re:Obvious, not innovative (Score:2, Interesting)
Would that be innovative?
Image size is a problem (Score:2, Interesting)
Re:Humans can defeat humans (Score:2, Interesting)
Easy - just make the CAPTCHA so you have to simultaneously type something with both hands.
I think that could actually be good idea. having not just to type but also to follow certain rules typing, like following a simple rhythm. Maybe typing something under an abstract set of rules, like "make me a triangle" answer could be any combination of keys that results in a triangle, like "sef" "gbh" "vym". Oh well, I'm sure someone thought about it already and found a flaw on it. PS: thinking possible CAPCHA schemes is a fun pass-time.
Re:Humans can defeat humans (Score:5, Interesting)
That's very true. The problem now isn't rendering CAPTCHAs useless, it's doing so by automated means.
As you said, anything that must be used by humans can be broken by humans. But you still wind up with logistics problems--having the money to pay these people (or, in the case of free porn, the bandwidth and content to keep them interested) and the fact that those people are still limited by their humanity. Even the fastest typist wouldn't be able to complete a form (CAPTCHA aside) as quick as a robot. And, if a robot can break a CAPTCHA, it can fill that out faster than a human, as well.
So the issue is preventing, or at least slowing down, robots, which can work 24/7 without a break. A variety of things have been done with normal CAPTCHAs to do this: colors, lines, running letters into each other, adding cats and dogs to letters (seriously). This step, once "perfected" and widely adopted, will be a huge leap in stopping these robots. Even if they can be trained to have a copy of the exact 3D models given (which are sure to increase in variety if not types), they still have to take a picture of it from every single angle, which I believe is 359^3 images, and then compare every single one (which is O(x^n) time, where x is the time for one image comparison).
It's an arm's race, though. Eventually some enterprising hacker will figure out a way for bots to "guesstimate" based on various aspects of an image, and once that solution is sold to the highest bidder we start the war all over again.
slow way to create real AI ... (Score:1, Interesting)
Pose increasingly difficult problems as captchas and wait for someone to create a program that solves it.
Porn and necessity are the parents of invention.
Re:Humans can defeat humans (Score:3, Interesting)
From the rReCAPTCHA FAQ
Are CAPTCHAs secure? I heard spammers are using porn sites to solve them: the CAPTCHAs are sent to a porn site, and the porn site users are asked to solve the CAPTCHA before being able to see a pornographic image.
CAPTCHAs offer great protection against abuse from automated programs. While it might be the case that some spammers have started using porn sites to attack CAPTCHAs (although there is no recorded evidence of this), the amount of damage this can inflict is tiny (so tiny that we haven't even seen this happen!). Whereas it is trivial to write a bot that abuses an unprotected site millions of times a day, redirecting CAPTCHAs to be solved by humans viewing pornography would only allow spammers to abuse systems a few thousand times per day. The economics of this attack just don't add up: every time a porn site shows a CAPTCHA before a porn image, they risk losing a customer to another site that doesn't do this.
They must be Runescape players (Score:5, Interesting)
So Jagex's Runescape MMORPG has had this for a couple of years in random events to defeat macros.
http://www.runescape.com/ [runescape.com]
Re:Humans can defeat humans (Score:3, Interesting)
One, 359^3 leaves out rotations on multiple axes.
Two, even including that, though, you don't need every degree along each axis of rotation, you could probably get by with eighths or maybe even quarter rotations if current machine vision techniques are used. I've seen optical testers that could identify a particular object rotated along one axis with just one "quality ideal" reference photo and tests a few hundred objects/second. Not angles, objects. Spits them out like a machine gun.
Re:First time? (Score:3, Interesting)
Actually I wonder how this captcha holds up against basic neural net analysis. How much do they offer these days for captcha crackers ? It looks like it's basically a silhouette, I expect this will do a lot worse (due to less combinations) than "normal" scrambled letters captchas.
The price has really been going down on captcha crackers. Every idiot and his mother are making them these days. Lots of indians losing jobs ...
The sad thing is, my own captcha crackers are much better at solving captchas than my own mother. And there are days when my program outperforms me as well (might have something to do with alcohol, YMMV).
But writing a computer program solving captchas has become so simple it's not even funny anymore. Just collect a few of them, preferably a few hundred, with solutions, then create a simple 2 or 3 layer neural net with every pixel as input and some way of encoding the answer as output (e.g. a-z0-9, each letter it's own neuron), and train away.
On my newest laptop even doing the training in python is not taking the weeks it used to take. Laptop. Not university supercomputer. Laptop. The huge amounts of memory that come so cheap nowadays really help.
*sigh*. The day that humans will have more trouble "proving" their humanity than computers is marching closer at an amazing speed ...
Basic captcha cracking tutorial [eth1.mine.nu]