ReCAPTCHA.net Now Vulnerable to Algorithmic Attack 251
n3ond4x writes "reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration of random reCAPTCHA.net CAPTCHAs being subjected to the algorithms." There's probably an excellent Firefox plugin to render this page's color scheme more bearable. Note: the PowerPoint presentation linked opens fine in OpenOffice, and the video speaks for itself.
OCR improvements? (Score:3, Interesting)
Can these attack algorithms actually increase the accuracy of normal OCR programs?
Is this related? (Score:5, Interesting)
Anybody that pays attention to 4chan recently knows they had to implement captcha due to a massive spamflood of infected morons. recaptcha got busted thanks to someone in /g/ who leaked the vulnerability in the sound system for reCAPTCHA, and the whole site was again inundated with spam, though not to the degree as the original spam attack.
Re:Speaking about re-captcha (Score:5, Interesting)
Hm.
So its for-profit work for the biggest advertising firm in the world.
Sort of expected project gutenberg or something.
Too bad.
New Human Verification Scheme (Score:4, Interesting)
Seeing this article gave me an idea to come up with a new human verification process. I created a C# program in about an hour that loads images from Google images based on searching for 3 of 2000+ nouns. It shows 3 examples of each noun and asks the user to pick the correct noun from a list of 6. This program is just a proof of concept of course. Could this become useful? (Binary and source code included.)
http://enigmadream.com/misc/HumanVerification.zip [enigmadream.com]
Let's hope they hit 100% (Score:2, Interesting)
Then we can just put reCAPTCHA on all pages being used for spam, and get transcription services for free.
Re:New Human Verification Scheme (Score:3, Interesting)
Better still... show a bank of images, ask which one has a happy little girl in it. (all images contain a girl, only one obviously happy). Randomize the backend with a cryptographic routine (so the file names don't give anything away) and you are set for a while. Computers are terrible at such things, people are pretty good at it.