Saturday, June 13, 2009

ability to solve CAPTCHAS == Threat ?

That's interesting to see how many web sites use CAPTCHAS nowadays. This reverse Turing test has been used for years now, to differentiate between a human and a machine, to avoid the problem of "spam accounts". To me, they are becoming more and more unreadable (cf google captcha), because they are trying to increase the security by reducing the segmentation, rotating/difforming the letters, etc.

Google captcha

Do the end-user really care about these captchas ? I'm not really sure... However, I can see multiple ways to take advantages from them. Imagine for example you want to make your website more known on Stumbleupon or Digg. An easy solution would be to create multiple accounts and vote for your site ("I like it") in order you to be in the top ranking. By using a web bot - like the one explained in the previous article for the SMS - makes the job extremely easy to achieve.

But, the only point is that we'd like to automatize the job of creating new accounts and therefore, solving captchas.

StumbleUpon captchas

Current methods claim they can solve them with a probability of 30% (for Google's one), using pattern matching techniques like support vector machines. That's not bad, but I definitely think that there is room for improvement. Few techniques to solve them have be explained here. On the other hand, websites proposing captchas let you try few times, so it's not a big deal if you have to let your bot run 3 times longer to get the desired result.

Well, I'm really interested to dig into this problem as soon as I'll have a bit more time to fuck around :)

No comments:

Post a Comment