Captcha Security Not Much of a Gotcha

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Just as you've always suspected, those stupid captcha things suck at everything except annoying you. Not to scare you or anything but this guy was able to crack the captcha on Visa's Authorize.net payment site 66% of the time, Blizzard's site 70% of the time and MegaUpload 93% of the time.

Many Captchas don't work well at all. More precisely, the researchers invented a standard way to decode those irksome letters and numbers found in Captchas on many major Web sites, including Visa's Authorize.net, Blizzard, eBay, and Wikipedia.
 

jadams

2[H]4U
Joined
Mar 14, 2010
Messages
4,086
Thats impressive considering I have a hard time deciphering them myself alot of times.
 

B2BigAl

2[H]4U
Joined
Mar 23, 2003
Messages
2,076
So can we get rid of these stupid things now? I swear, they've gotten so ridiculous with their methods of obfuscation, that I can't even read the damn things anymore.
 

Azhar

Fixing stupid since 1972
Joined
Jan 9, 2001
Messages
18,876
CAPTCHA has been getting worse lately with using mathematical formulas or foreign alphabets such as Arabic, Kanji and Chinese caligraphy. I wonder what's going on with that.
 

InorganicMatter

[H]F Junkie
Joined
Oct 19, 2004
Messages
15,464
I hate CAPTCA. So much that I've started not using websites that give me ridiculous ones. Numbers and foreign symbols? Yeah right, hold on while I pull up the Windows Character Map and figure out the alt-code.
 

TheBuzzer

HACK THE WORLD!
Joined
Aug 15, 2005
Messages
12,957
captcha is not going to work because of sites that goal is to get p2p to solve it. that way they dont need to solve it in a wait time period using downloading sites.
 

Rockferd

Feelz
Joined
Jun 25, 2010
Messages
427
It's even worse for use who can't see well to begin with. And the sound option? Please, that's even harder to decipher.
 

octoberasian

2[H]4U
Joined
Oct 13, 2007
Messages
4,082
CAPTCHA has been getting worse lately with using mathematical formulas or foreign alphabets such as Arabic, Kanji and Chinese caligraphy. I wonder what's going on with that.

I hate it when the CAPTCHAs use foreign languages that I can't even type with an English keyboard.

Arabic being one of the more common ones I've come across. French and Spanish a close second. Chinese and Japanese last.

I've gotten a few mathematical formulas already.

I think the more creative ones I've seen was identifying an object, selecting it, and drag-and-dropping it onto a target box before proceeding. I can live with that instead of trying to discern some cryptic hieroglyphic.
 

Ducman69

[H]F Junkie
Joined
Jul 12, 2007
Messages
10,542
A fun trick with captcha on some sites that use two words. One is real and its usually obvious as it looks funky. The second is clearly different and uses punctuation, so you can type whatever you want for that word which goes into some kind of database for them (basically using you as free deciphering labor).

As such, I typically type in something offensive for that word, and it accepts it all the same. :D
 

AmberClad

[H]ard|Gawd
Joined
Aug 19, 2005
Messages
1,062
I was watching this PBS episode a few weeks ago (NOVA maybe), and it had a feature on Luis von Ahn, the 30 year old college professor who invented Recaptcha, and how it had the dual purpose of translating old texts.

I think they were painting it as some sort of wonderful example of crowd-sourcing being used to solve science/history problems, but the whole time I had an urge to throttle the dude, and wondered if he even had a clue how much the average person despises his invention :rolleyes:...
 

Chimel

Gawd
Joined
Jul 19, 2010
Messages
981
Funny how the only two captchas I see regularly are the only two he couldn't decipher, Google and Recaptcha. Funny, and reassuring.
 

beowulf7

[H]F Junkie
Joined
Jun 30, 2005
Messages
10,433
A fun trick with captcha on some sites that use two words. One is real and its usually obvious as it looks funky. The second is clearly different and uses punctuation, so you can type whatever you want for that word which goes into some kind of database for them (basically using you as free deciphering labor).

As such, I typically type in something offensive for that word, and it accepts it all the same. :D
I'm going to have to try that out the next time. :cool:

Captcha is definitely annoying and I wonder if its pros really outweigh the cons. But it's the age-old "security vs. usability" argument, except apparently the security value of Captcha is overhyped.
 

MrLonghair

[H]ard|Gawd
Joined
Jun 7, 2004
Messages
1,764
GsdEd.jpg




..And have you ever tried entering a catchpa from a SAMOLED display?

F dat S
 

Cube

[H]ard|Gawd
Joined
Oct 19, 2005
Messages
1,111
I hate those fucking things and i have been typing stupid words in all week long. every single time and who cares if a bot is using some of these crap websites anyway.



O also hate people fucking splitting files up for NO REason into 99 million parts, and people who compress crap into stupid formats even when it only saves them 6 MB on the files size it's 20 fucking 11 who gives a fuck if you save 20mb or less.

z7zip useless format, not any better than RAR or normal .zip people need stop using it and doing all the other crap the do to think they save space and they are not.

RAR don't even save any space compared to some Zip files and nobody even looks if it save any space then they use RAR password on it too you have to cracko like they are protecting there pirated contents.
 

Jaerb4

Gawd
Joined
May 10, 2008
Messages
914
I hate it when the CAPTCHAs use foreign languages that I can't even type with an English keyboard.

Arabic being one of the more common ones I've come across. French and Spanish a close second. Chinese and Japanese last.

I've gotten a few mathematical formulas already.

I think the more creative ones I've seen was identifying an object, selecting it, and drag-and-dropping it onto a target box before proceeding. I can live with that instead of trying to discern some cryptic hieroglyphic.
The ones I've seen using foreign characters (accents and umlauts) don't actually care if it's the correct character or the English character.

In fact, I've had some CAPTCHAs that let me through, even with a typo. >.>
 

Azhar

Fixing stupid since 1972
Joined
Jan 9, 2001
Messages
18,876
I hate those fucking things and i have been typing stupid words in all week long. every single time and who cares if a bot is using some of these crap websites anyway.



O also hate people fucking splitting files up for NO REason into 99 million parts, and people who compress crap into stupid formats even when it only saves them 6 MB on the files size it's 20 fucking 11 who gives a fuck if you save 20mb or less.

z7zip useless format, not any better than RAR or normal .zip people need stop using it and doing all the other crap the do to think they save space and they are not.

RAR don't even save any space compared to some Zip files and nobody even looks if it save any space then they use RAR password on it too you have to cracko like they are protecting there pirated contents.

Solution: stop uh, downloading Linux distributions.
 

Zangmonkey

Supreme [H]ardness
Joined
Jul 6, 2005
Messages
4,510
There was a story a while back about a group that beat captchas by routing them to a free porn site.
Users accessing the porn were solving other sites' captchas. I thought that was extremely clever crowdsourcing.
 

necrosis

Gawd
Joined
Oct 21, 2004
Messages
758
O also hate people fucking splitting files up for NO REason into 99 million parts,
More parts has something to do with getting more points. The more files you upload on some of those sites the more download points you get. Its biased on file count not size so people do this.

z7zip useless format, not any better than RAR or normal .zip people need stop using it and doing all the other crap the do to think they save space and they are not.
Screw .zip, i use .rar for everything, have for a while. Mostly because the winrar is 'free'. No nag screens on the right click menu -> extract option so I always use that. It also allows you to specify cut size which I do have to do at times. 7z can freck off.

then they use RAR password on it too you have to cracko like they are protecting there pirated contents.
They do this because they are probably uploading something that breaks the download site's ToS. Putting a password on it prevents their staff/bots from looking at the files inside and possibly pulling the file.
 

necrosis

Gawd
Joined
Oct 21, 2004
Messages
758
Gah forgot to add something on topic to my last post.

I have yet to see one of those things use non roman letters/numbers. Haven't really seen any even use symbols either. I have seen the math ones recently tho but they seam to be rare.

Captcha, the only thing more annoying than Age Gate's.
 

jiminator

[H]F Junkie
Joined
Feb 2, 2007
Messages
11,607
sorry doodz, you might hate them but they are here to stay.
certainly motivated people can easily hack them, but that is the 1%
the other 99% are lazy scumbags who will write automated scripts to exploit your site if you don't have them.
 

steve30x

Limp Gawd
Joined
Feb 9, 2006
Messages
180
I didnt mind Captcha until they started putting a squigly line through the words. Now I find it very hard to read them because I have bad eyesight.
 

Yossarian22

[H]ard|Gawd
Joined
Apr 27, 2009
Messages
1,793
Here at university (RIT) there is work being done where they are making video based captchas where you have to give a description of the video in a few select words out of many.
 

Mickey21

Limp Gawd
Joined
Oct 6, 2004
Messages
442
All I have to say, is put the other shoe on. Try keeping these bots OUT of your site or network and realise they have to do something to stem the flow. What would you have them do? Not have the site accessible? It is like anything else, a55hats out there are ruining it for the rest of us. I didnt see many comments on how bot makers are the idiots out there, just complaining about the measures used to TRY to defeat them.
 

beowulf7

[H]F Junkie
Joined
Jun 30, 2005
Messages
10,433
Instead of using Captcha, wouldn't it be more effective against computers and easier for users for some sort of scheme like the following?

Write out the sum of two plus 3. Capitalize the first and last letters only.
Answer: FivE

And just randomize one-digit numbers (both spelled out and written as a number) for the request. I should patent that. :cool:
 

jiminator

[H]F Junkie
Joined
Feb 2, 2007
Messages
11,607
Instead of using Captcha, wouldn't it be more effective against computers and easier for users for some sort of scheme like the following?

Write out the sum of two plus 3. Capitalize the first and last letters only.
Answer: FivE

And just randomize one-digit numbers (both spelled out and written as a number) for the request. I should patent that. :cool:

good theory but most people can barely follow any types of instructions, and if someone was going to write a script, it would be easy to reload your page 100 times and see what possible iterations there are for the questions you ask.
 

TheCAD

Gawd
Joined
Oct 12, 2007
Messages
581
We might as well come up with a good way to identify humans now.

Were going to need it after the machines rise.
 

beowulf7

[H]F Junkie
Joined
Jun 30, 2005
Messages
10,433
good theory but most people can barely follow any types of instructions, and if someone was going to write a script, it would be easy to reload your page 100 times and see what possible iterations there are for the questions you ask.
Yeah, I agree that most people don't follow instructions well, but I figure that simple math problem should be easier for most compared to trying to decipher the hieroglyphics known as Captcha.

About the iterations, yeah, one could try to determine the pattern, depending on how random the numbers are, but 1 out of 20 or 1 out of 100 of the bots getting through is still a lot better than the 65% or whatever success rates they're defeating Captcha on.
 
Joined
Oct 26, 2005
Messages
2,340
About the iterations, yeah, one could try to determine the pattern, depending on how random the numbers are, but 1 out of 20 or 1 out of 100 of the bots getting through is still a lot better than the 65% or whatever success rates they're defeating Captcha on.
Once you know the question format, problems like that are absolutely trivial. Anyone capable of writing a Captcha-defeating OCR algorithm could solve this in five minutes, with a 100% success rate. The only reason Captchas like this are of any use is because no one using them is a worthwhile spam target.

Re the 65% success rate, that was only for one specific site. The success rate against reCaptcha - the one you've probably run into more than all the others combined - was 0%.
 
Joined
Oct 26, 2005
Messages
2,340
CAPTCHA has been getting worse lately with using mathematical formulas or foreign alphabets such as Arabic, Kanji and Chinese caligraphy. I wonder what's going on with that.
reCaptcha works by showing you words that Google Books' OCR software has failed to identify (so it stands to reason that the spammers can't decipher them either, plus they get the added bonus of having us work at it for free). Of course, sometimes the reason they can't resolve it to an English word is that it isn't one...
 
Top