Good and bad CAPTCHAs

December 11, 2007 at 10:16 pm Leave a comment

CAPTCHAs– those distorted letters and numbers that you need to figure out and type in to prove you are human- are everywhere on the Web nowadays. They span the entire spectrum from very bad to competent. The topic of CAPTCHAs also invariably brings forth all the frustrations people have in using them.

Using unsuspecting humans to get around CAPTCHAs is well known. For example, displaying the CAPTCHA from a genuine site to a person to solve in return for the person getting free access to porn.

A blog post on Coding Horror led me to the site of a Chinese hacker that sells software for breaking CAPTCHAs. The site has a very interesting page in which CAPTCHAs from well known sites are shown with how easy (or not) it is to break them. The software price is proportional to the ease of breaking.

For example, 9you (a Chinese online games site) is listed as easy with a 100% cracking rate. On the other hand, cracking eBay CAPTCHAs is listed as moderate with a 70% accuracy rate and is 8 times the price.

Perhaps not so surprising, the three that can’t be broken by the software are Google, Yahoo, and Hotmail. Comments on the Coding Horror page point to Google as having the best CAPTCHA- easy for people to figure out yet impossible to break programmatically.

Score another one for Google!

Advertisements

Entry filed under: authentication, fraud, network, security.

ID theft from security breaches UK: Santa and privacy law

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter

Feeds


%d bloggers like this: