Full Disclosure mailing list archives

Attack & Defence Against Visual CAPTCHA


From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sun, 20 Mar 2005 00:10:34 +0530

Hey Folks !! 

Is there anyone in this list who has worked on creation of complex
CAPTCHAs?? 

A CAPTCHA is a program which can distinguish between computers and humans.
These are mostly found on webpages like YAHOO, HOTMAIL, ... INTERNET POLLs
etc. CAPTCHAs are mostly used to defeat internet bots which are written to
automatically fill tons of internet forms or sign up hundreds of thousands
of email IDs to cause spam etc. 

There already exist a few interesting projects around on circumventing
CAPTCHA ( http://www.captcha.net/ ). There are various algorithms being
written to defeat the simplest to the most complex CAPTCHAs but only a few
CAPTCHAs have survived such tests. 

A project devoted to breaking CAPTCHA systems can be found here:
http://sam.zoy.org/projects/pwntcha/ 

Here's a link to the original paper that discussed how they broke the
ez-gimpy system that Yahoo! uses (92%), and have about a 33% success rate
with the harder version, gimpy.
http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html 

There are many internet bots being written to defeat webpage forms with
visual CAPTCHAs but still work is going on to improve the complexities of the
CAPTCHAs. Recently, I have involved myself in such projects. Would like to
invite comments from everyone on what are other possible ways that one can
think of preventing internet bots other than just using complex CAPTCHAs?? 


Regards, 
Debasis Mohanty
www.hackingspirits.com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

