Google reCAPTCHA cracked
By Rishoo Mittal
Despite denials from Google, a security researcher continues to assert that the Search King’s reCAPTCHA system for protecting Web sites from spammers can be successfully exploited by Internet junk mail panderers.
Researcher Jonathan Wilkins recently published a paper that included an analysis of reCAPTCHA’s security. In automated attacks he conducted against the system, he reported an alarming success rate of 17.5 percent.
CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, is a method for foiling automated attacks by spammers on Web sites. Before a Net surfer can perform a task at a site, such as setting up an email account or adding comments to a blog posting, he or she is presented with the image of a word or phrase that has been distressed in some way. The warped image is intended to thwart scanners and optical character recognition programs that spammers use to automate the compromising of Web sites. The idea is that humans can read the characters in the image and type them into a form while machines can’t.
Some simple math reveals just how alarming Wilkins’ findings are. The operator of even a modest botnet of 10,000 machines would be perfectly happy with a success rate of 0.01 percent. That would mean 10 new gmail accounts could be created every second or 864,000 new accounts a day from which spam could be launched.
Google counters that Wilkins’ test targeted an old form of reCAPTCHA from 2008 that has since been changed. “[T]his study does not reflect the effectiveness of reCAPTCHA’s current technology against machine solvers,” a Google spokesperson told The Register. “We’ve found reCAPTCHA to be far more resilient while also striking a good balance with human usability, and we’ve received very positive feedback from customers.”
Wilkins acknowledged that his initial tests were on an older version of reCAPTCHA, but since that time, he has conducted tests on the new images produced by the system and found them to be even weaker than the older ones. In one of his original tests on the system, his success rate was five in 200. When that test was run on the new reCAPTCHA, the rate was 23 in 100.
The major difference between the old and new versions of reCAPTCHA, according to Wilkins, is the use of horizontal lines to obscure the characters in the image. While the lines make it harder for machines to recognize a reCAPTCHA phrase (although Wilkins asserts the lines can be subverted easily by spammers), they also make the phrase harder for humans to read. New reCAPTCHA images drop the lines but add distortion to the image. They’re easier to read for humans, but, alas, they’re also easier for machines to crack.
Unlike most CAPTCHA systems, Google’s uses images with two words. That’s because Google uses reCAPTCHA for two purposes. Like other CAPTCHA systems, it’s designed to frustrate spammers, but it’s also incorporated into Google’s efforts to digitize books. When a word in a book scan can’t be recognized by Google’s OCR software, it’s sent to the reCAPTCHA pool. So when a person enters a reCAPTCHA phrase into a form, Google can discover what its OCR program couldn’t, without having to hire human editors to review scanning results.
One weakness of CAPTCHA schemes, though, is that they use words that can be found in a dictionary. This makes it easier for machines to crack the phrases, because a recognizer can compare its guess against the dictionary and correct errors.
In addition, reCAPTCHA uses a “one-off” system. That means a letter in a word can be incorrect, and it will still be accepted by the system.
So if the reCAPTCHA phrase contains the word “meat” and a Web user enters “peat,” his or her response will still be interpreted as a valid one.
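To make the cost of that tolerance concrete, here is an added example (not code from the article, Wilkins’ paper or Google) that models a verifier accepting a response when at most one character differs from the expected word, and measures how much wider the accepted set becomes. The acceptance rule, the small word list and the per-character accuracy figures are all constructed assumptions for illustration; the real reCAPTCHA matching logic is not published on this page.

```python
"""Added example: what a "one-off" acceptance rule does to a word CAPTCHA.

Assumption (not from the article): the verifier accepts a response when it
has the same length as the expected word and differs in at most one
position (Hamming distance <= 1). Everything below is a constructed model.
"""
from typing import Optional

ALPHABET = "abcdefghijklmnopqrstuvwxyz"

# Constructed sample dictionary, chosen to contain near-neighbours of "meat".
CONSTRUCTED_DICTIONARY = [
    "meat", "peat", "heat", "seat", "neat", "meal", "mean",
    "melt", "moat", "mat", "meant", "peas", "book", "scan",
]


def hamming_distance(a: str, b: str) -> Optional[int]:
    """Number of differing positions, or None when the lengths differ."""
    if len(a) != len(b):
        return None
    return sum(x != y for x, y in zip(a, b))


def accepts_exact(expected: str, response: str) -> bool:
    """Strict verifier: the response must match the word exactly."""
    return expected.lower() == response.lower()


def accepts_one_off(expected: str, response: str) -> bool:
    """Assumed lenient verifier: one wrong character is still accepted."""
    d = hamming_distance(expected.lower(), response.lower())
    return d is not None and d <= 1


def accepted_strings(expected: str, alphabet: str = ALPHABET) -> set:
    """Every string the one-off rule accepts for `expected` (brute force).

    There are 1 + len(word) * (len(alphabet) - 1) of them, versus exactly
    one under strict matching.
    """
    accepted = {expected}
    for i, ch in enumerate(expected):
        for c in alphabet:
            if c != ch:
                accepted.add(expected[:i] + c + expected[i + 1:])
    return accepted


def tolerated_neighbours(expected: str, dictionary) -> list:
    """Real dictionary words the lenient rule accepts in place of `expected`."""
    return sorted(w for w in dictionary
                  if w != expected and accepts_one_off(expected, w))


def solver_success_probability(word_length: int, per_char_accuracy: float,
                               tolerance: int = 1) -> float:
    """Probability that a recognizer with independent per-character accuracy
    p gets a word of length n accepted, given the verifier tolerates up to
    `tolerance` wrong characters. tolerance=0 is strict matching; tolerance=1
    adds the n ways of getting exactly one character wrong."""
    n, p = word_length, per_char_accuracy
    prob = p ** n
    if tolerance >= 1:
        prob += n * (p ** (n - 1)) * (1 - p)
    return prob


if __name__ == "__main__":
    word = "meat"
    print("peat accepted strictly?  ", accepts_exact(word, "peat"))
    print("peat accepted one-off?   ", accepts_one_off(word, "peat"))
    print("strings accepted one-off:", len(accepted_strings(word)))
    print("dictionary neighbours:   ", tolerated_neighbours(word, CONSTRUCTED_DICTIONARY))
    # Constructed figure: a recognizer that reads each character correctly
    # half the time, against a four-letter word.
    print("strict success  :", solver_success_probability(4, 0.5, tolerance=0))
    print("one-off success :", solver_success_probability(4, 0.5, tolerance=1))
```

The brute-force count shows the lenient rule turns a single accepted string into 101 for a four-letter word, and the probability model shows why that matters for a defender: with a recognizer that reads each character correctly only half the time, the one-off tolerance raises the chance of a four-letter word being accepted from about 6 percent to about 31 percent, before any dictionary correction is applied.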
Some alternatives to CAPTCHA avoid words entirely. Microsoft, for instance, has developed a scheme called Asirra that is totally based on images of cats and dogs. To perform a task protected by Asirra, a netizen is presented with an array of 12 pictures and asked to identify each as either a canine or feline. This method is called Human Interactive Proof, or HIP.
To be effective, HIP systems need to be supported by large databases that tax the computational power of an attacking spammer. Microsoft does that by using the picture database at Petfinder.com, which contains some three million photos.