Feb 11, 2008

Yahoo! CAPTCHA Cracked!

Although it had been said before that it was only a matter of time, few truly expected the CAPTCHA system used by Yahoo! to be defeated.

First of all, a CAPTCHA is defined as a "Completely Automated Public Turing Test to Tell Computers and Humans Apart". It is a way to distinguish humans from machines, especially useful for avoiding spam and other unwanted automated processes.

A team of Russian reverse-engineers (or, simply, hackers) has managed to crack the aforementioned CAPTCHA with an accuracy of 35%, even though it is considered to be one of the most complex and elaborate types of CAPTCHA.

Here is what the Russian team had to say: "The CAPTCHA has a vulnerability we'll discuss later. It's not necessary to achieve a high degree of accuracy when designing automated recognition software. An accuracy of 15% is enough when the attacker is able to run 100,000 tries per day, taking into consideration the price of non-automated recognition – one cent per CAPTCHA."

It's a hard blow for the CAPTCHA system in general and especially for Yahoo! itself...

Here is a list of characteristics of a solid CAPTCHA system, as written by Jeremiah Grossman (here):

1) Test should be administered where the human and the server are remote over the network.
2) Test should be simple for humans to pass.
* Humans should fail less than 0.1% on the first attempt.
3) Test should be solvable by humans in less than several seconds.
4) Test should only be solvable by the human to which it was presented.
5) Test should be hard for a computer to pass.
* Correctly guessing the answer should be less than 1 in 1,000,000, even after 24-hours of analysis.
6) Knowledge of previous test questions, answers, results, or combination thereof should not impact the predictability of following tests.
7) Test should not discriminate against humans with visual or hearing impairments.
8) Test should not possess a geographic, cultural, or language bias.
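The economics in the Russian team's quote, and Grossman's criterion 5, can be put into numbers. The Python below is an added example written for this page; it is not code from the original post, from the Russian team, or from Jeremiah Grossman. The 100,000 attempts per day, the 15% and 35% accuracies and the one cent per human solve come from the text above; the per-source rate limit and the CAPTCHA alphabet sizes and lengths are assumptions.

```python
"""Attacker-economics model for a CAPTCHA (added example, not from the page)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class SolverAttack:
    """An automated recognition attack, as described in the quote above."""
    accuracy: float                     # fraction of challenges the solver gets right
    attempts_per_day: int               # challenges the attacker can submit per day
    human_cost_per_solve: float = 0.01  # USD per CAPTCHA from a human solving service (quoted figure)

    def expected_solves_per_day(self) -> float:
        """Valid solutions obtained per day on average: accuracy times attempts."""
        return self.accuracy * self.attempts_per_day

    def human_cost_of_same_output(self) -> float:
        """What buying the same number of solutions from humans would cost per day."""
        return self.expected_solves_per_day() * self.human_cost_per_solve


def accuracy_needed(target_solves_per_day: float, attempts_per_day: int) -> float:
    """Lowest solver accuracy that still yields the target number of solves per day."""
    return min(1.0, target_solves_per_day / attempts_per_day)


def sources_needed(attempts_per_day: int, per_source_limit: int) -> int:
    """Distinct IPs or accounts required to submit attempts_per_day under a
    per-source daily limit (an assumed defence; the page states no such limit)."""
    return math.ceil(attempts_per_day / per_source_limit)


def guess_probability(alphabet_size: int, length: int) -> float:
    """Chance of solving a character CAPTCHA by uniform random guessing."""
    return 1.0 / alphabet_size ** length


def meets_guess_criterion(alphabet_size: int, length: int, threshold: float = 1e-6) -> bool:
    """Grossman's criterion 5: a correct guess must be less likely than 1 in 1,000,000."""
    return guess_probability(alphabet_size, length) < threshold


def expected_guess_successes(alphabet_size: int, length: int, attempts_per_day: int) -> float:
    """Solves per day an attacker gets from pure guessing, with no recognition at all."""
    return guess_probability(alphabet_size, length) * attempts_per_day


if __name__ == "__main__":
    # The scenario from the quote: 15% accuracy, 100,000 tries per day.
    quoted = SolverAttack(accuracy=0.15, attempts_per_day=100_000)
    print(f"expected solves/day at 15%: {quoted.expected_solves_per_day():.0f}")
    print(f"human-farm cost for the same output: ${quoted.human_cost_of_same_output():.2f}/day")
    # The reported 35% accuracy more than doubles the yield on the same attempt budget.
    reported = SolverAttack(accuracy=0.35, attempts_per_day=100_000)
    print(f"expected solves/day at 35%: {reported.expected_solves_per_day():.0f}")
    # An assumed per-IP limit of 1,000 attempts/day forces the attacker to spread
    # the load over this many sources.
    print(f"sources needed under a 1,000/day limit: {sources_needed(100_000, 1_000)}")
    # Criterion 5 for some assumed CAPTCHA shapes (digits only, alphanumeric).
    for alphabet, length in [(10, 4), (10, 6), (36, 6)]:
        p = guess_probability(alphabet, length)
        print(f"{length} chars from {alphabet}: guess p={p:.2e}, "
              f"criterion met: {meets_guess_criterion(alphabet, length)}, "
              f"free solves/day at 100k tries: "
              f"{expected_guess_successes(alphabet, length, 100_000):.4f}")
```

The point the model makes is that the CAPTCHA's effective strength is the product of per-challenge accuracy and the attacker's attempt budget, not the accuracy alone: halving the number of attempts a single source can make per day cuts the attacker's yield as much as halving the solver's accuracy, so per-source rate limiting and escalating difficulty after failures change the attacker's arithmetic at least as much as adding more distortion.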


For more information and details on the means used by the Russian hackers, go here.
