Can you hear me now? Tales from a Cisco voice instructor

May 25 2011   7:20PM GMT

CAPTCHAs Cracked



Posted by: Dave Bateman
Tags:
CAPTCHA
Security

If you mention the word CAPTCHA in most circles, you will be met with blank stares. But, it is a good bet that most of those people know what it is even if they don’t know it by name. CAPTCHAs are those annoyingly hard to read phrase that you have to enter when creating or validating certain types of accounts. If you still don’t know what I am talking about, here’s an example:

So why do certain sites use CAPTCHAs? To see if you are really a human. These sites want to make sure that it is a real person signing up for the account and not just some program trying to create millions of accounts for purposes that may be less then desirable.

CAPTCHA stands for Completely Automated Public Turing Test To Tell Computers and Humans Apart and anyone that has ever been subjected to one can tell you that it sometimes works too well. More than once I have not been able to tell what the heck the word or phrase was suppose to be. Often CAPTCHAs will have a button near them. When clicked, an audio file will play what the CAPTCHA is. This is mainly there to help those that may have a problem with their vision. I must admit that I have use this feature to try to figure out what the phrase was suppose to be more than once.

As with many security measures, it was only a matter of time before someone came up with a way to crack CAPTCHAs. Researchers at Stanford University created a program called Decaptcha. Decaptcha can listen to the audio CAPTCHA and, in many cases, determine what the CAPTCHA is. It is 100 percent accurate and how well it works depends on which CAPTCHA method is used. For example, Decaptcha had an accuracy of 82 percent for Ebay CAPTCHAs but only a 1.5 percent when ran against reCAPTCHA which is a Google CAPTCHA method used on sites like Facbook and Youtube.

So, while Decaptcha is not perfect, it once again proves that for every new security measure that is created there will be people somewhere figuring out a way around it.

RIPB

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: