Google reCAPTCHA cracked
By Rishoo Mittal
Despite denials from Google, a security researcher continues to assert that the Search King’s reCAPTCHA system for protecting Web sites from spammers can be successfully exploited by Internet junk mail panderers.
Researcher Jonathan Wilkins published a paper recently that included an analysis of reCAPTCHA’s security. In automated attacks he conducted against the system, he reported he had an alarming success rate of 17.5 percent.
CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, is a method for foiling automated attacks by spammers on Web sites. Before a Net surfer can perform a task at a site, such as setting up an email account or adding comments to a blog posting, he or she is presented with the image of a word or phrase that has been distressed in some way. The warped image is intended to thwart scanners and optical character recognition software used to automate the compromising of Web sites by spammers. The idea is that humans can read the characters in the image and type them into a form while machines can’t.
Some simple math reveals just how alarming Wilkins’ findings are. The operator of even a modest botnet of 10,000 machines would be perfectly happy with a success rate of 0.01 percent. That would mean 10 new gmail accounts could be created every second or 864,000 new accounts a day from which spam could be launched.
Google counters that Wilkins’ test targeted an old form of reCAPTCHA from 2008 that has since been changed. “[T]his study does not reflect the effectiveness of reCAPTCHA’s current technology against machine solvers,” a Google spokesperson told The Register. “We’ve found reCAPTCHA to be far more resilient while also striking a good balance with human usability, and we’ve received very positive feedback from customers.”
Wilkins acknowledged that his initial tests were on an older version of reCAPTCHA, but since that time, he has conducted tests on the new images produced by the system and found them to be even weaker than the older ones. In one of his original tests on the system, his success rate was five in 200. When that test was run on the new reCAPTCHA, the rate was 23 in 100.
The major difference between the old and new versions of reCAPTCHA, according to Wilkins, is the use of horizontal lines to obscure the characters in the image. While the lines make it harder for machines to recognize a reCAPTCHA phrase (although Wilkins asserts the lines can be subverted easily by spammers), they also make the phrase harder for humans to read. New reCAPTCHA images drop the lines but add distortion to the image. They’re easier for humans to read, but, alas, they’re also easier for machines to crack.
Unlike most CAPTCHA systems, Google’s uses images with two words. That’s because Google uses reCAPTCHA for two purposes. Like other CAPTCHA systems, it’s designed to frustrate spammers, but it’s also incorporated into Google’s efforts to digitize books. When a word in a book scan can’t be recognized by Google’s OCR software, it’s sent to the reCAPTCHA pool. So when a person enters a reCAPTCHA phrase into a form, Google can discover what its OCR program couldn’t, without having to hire human editors to review scanning results.
One weakness of CAPTCHA schemes, though, is that they use words that can be found in a dictionary. This makes it easier for machines to crack the phrases because a solver has a reference list against which to check and correct its errors.
In addition, reCAPTCHA uses a “one-off” system. That means a letter in a word can be incorrect, and it will still be accepted by the system.
So if the reCAPTCHA phrase contains the word “meat” and a Web user enters “peat,” his or her response will still be interpreted as a valid one.
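The two weaknesses just described (dictionary words plus a one-letter tolerance) compound each other, and the effect is easy to quantify. The Python below is an added example, not code from the article or from Google: it models the “one-off” acceptance rule as a single same-length letter substitution (the article’s meat/peat case; the real verifier’s exact rule is not published here, so that is an assumption) and measures how many answers a verifier with that rule accepts for a given word, both in the raw letter space and against a small constructed word list.

```python
from typing import Iterable, List


def hamming_distance(a: str, b: str) -> int:
    """Number of positions at which two equal-length strings differ."""
    if len(a) != len(b):
        raise ValueError("hamming distance needs equal-length strings")
    return sum(x != y for x, y in zip(a, b))


def tolerant_match(expected: str, answer: str, max_errors: int = 1) -> bool:
    """Model of a 'one-off' verifier (assumption: one error = one substituted
    letter, same length). Accepts if at most max_errors letters differ."""
    expected, answer = expected.lower(), answer.lower()
    if len(expected) != len(answer):
        return False
    return hamming_distance(expected, answer) <= max_errors


def tolerance_space_size(word: str, alphabet_size: int = 26) -> int:
    """How many distinct strings the tolerant verifier accepts for `word`
    (exact answer plus every single-letter substitution), independent of any
    dictionary. For a strict verifier this number would be 1."""
    return 1 + len(word) * (alphabet_size - 1)


def accepted_words(expected: str, dictionary: Iterable[str],
                   max_errors: int = 1) -> List[str]:
    """All words in `dictionary` the tolerant verifier would accept for
    `expected`: the set a dictionary-guided solver effectively has to hit."""
    return sorted(w for w in dictionary if tolerant_match(expected, w, max_errors))


# Constructed sample word list (not a real dictionary) for the demonstration.
SAMPLE_DICTIONARY = [
    "meat", "peat", "heat", "beat", "neat", "seat", "meal", "mean", "moat",
    "melt", "meet", "pest", "tear", "team", "feat", "meats", "mate",
]


def tolerance_report(expected: str, dictionary: Iterable[str]) -> dict:
    """Summarise how much wider the target becomes under the tolerant rule,
    compared with exact matching, for a defender reviewing the verifier."""
    words = list(dictionary)
    strict = [w for w in words if w.lower() == expected.lower()]
    loose = accepted_words(expected, words)
    return {
        "word": expected,
        "raw_strings_accepted": tolerance_space_size(expected),
        "strict_dictionary_hits": len(strict),
        "tolerant_dictionary_hits": len(loose),
        "tolerant_words": loose,
    }


if __name__ == "__main__":
    # The article's example: 'peat' passes for 'meat'.
    print(tolerant_match("meat", "peat"))
    print(tolerance_report("meat", SAMPLE_DICTIONARY))
```

Run against the constructed list, a strict verifier accepts exactly one of the 17 words for “meat”, while the one-off rule accepts twelve of them; in the raw letter space a four-letter word gains 100 extra accepted spellings. The practical reading for anyone operating such a check is that every unit of tolerance you grant to human typos is granted equally to a guesser, so tolerance should be measured this way before it is enabled, and combined with rate limiting rather than relied on alone.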
Some alternatives to CAPTCHA avoid words entirely. Microsoft, for instance, has developed a scheme called Asirra that is totally based on images of cats and dogs. To perform a task protected by Asirra, a netizen is presented with an array of 12 pictures and asked to identify each as either a canine or feline. This method is called Human Interactive Proof, or HIP.
To be effective, HIP systems need to be supported by large databases that tax the computational power of an attacking spammer. Microsoft does that by using the picture database at Petfinder.com, which contains some three million photos.