Full Disclosure mailing list archives
Attack & Defence Against Visual CAPTCHA
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sun, 20 Mar 2005 00:10:34 +0530
Hey Folks !! Is there anyone in this list who has worked on creation of complex CAPTCHAs?? A CAPTCHA is a program which can distinguish between computer and humans. These are mostly found on webpages like YAHOO, HOTMAIL, ... INTERNET POLLs etc. CAPTCHAs are mostly used to defeat internet bots which are written to automatically fill tons of internet forms or sign up hundreds thousands email IDs to cause spam etc. There already exists few interesting projects around on circumventing CAPTCHA ( http://www.captcha.net/ ). There are various alogorithms being written to defeat simplests to the complex CAPTCHAs but only few CAPTCHAs have survived such tests. A project devoted to breaking CAPTCHA systems can be found here: http://sam.zoy.org/projects/pwntcha/ Here's a link to the original paper that discussed how they broke the ez-gimpy system that Yahoo! uses (92%), and have about a 33% success rate with the harder version, gimpy. http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html There are many internet bots being written to defeat webpage forms with visual CAPTCHs but still work is going on to improve the complexities of the CAPTCHAs. Recently, I have involved myself in such projects. Would like to invite comments from everyone on what are other possible ways that one can think of preventing internet bots other than just using complex CAPTCHAs?? Regards, Debasis Mohanty www.hackingspirits.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Attack & Defence Against Visual CAPTCHA Debasis Mohanty (Mar 19)
- <Possible follow-ups>
- Re: Attack & Defence Against Visual CAPTCHA Feher Tamas (Mar 19)