VIEWS: 12 PAGES: 17 POSTED ON: 10/5/2011
CAPTCHA Presented by Ian Boggs What is CAPTCHA? • Completely Automated Public Turing test to tell Computers and Humans Apart • Really a reverse Turing test • Something that is “easy” for humans to do but hard for computers • All because of SPAM! What is CAPTCHA • Mostly focusing on visual CAPTCHA Text vs. Images (bitmaps) • Images (bitmaps) are made of individual pixels: Magnification of cat’s paw Text vs. Images (bitmaps) • Each pixel specifies the color at that point in the image. • A grid of pixels forms an image Text vs. Images (bitmaps) • Text (like in this presentation) is represnted in the computer as a series of codes, e.g. ASCII. • “A” really means “code 65” to the computer. • Each character is a discreet unit of data. Text vs. Images (bitmaps) • Why can’t a computer read text in images? – To a computer, an image is just a grid of pixels – Doesn’t contain anything it understands as “text” – Computer can tell the difference between two different pixels in an image. Text vs. Images (bitmaps) • Optical Character Recognition – Look at an image of pixels – Find groups of pixels that contrast with the background – Compare group with known pattern of pixels =A Optical Character Recognition • Easy to do on plain images: Image of Dr. Wu-chang Feng’s email address from his hompage Online OCR program had no problem converting into text Optical Character Recognition • CAPTCHA breaks OCR algorithms – OCR can’t pick out patterns that look like text, or ends up misreading image noise as text. Problems with CAPTCHA • From the user’s perspective: – Harder to get your internettin’ done – Possible to get locked out after misreading CAPTCHA enough times – Blind users at a serious disadvantage • But they have audio CAPTCHA! – Images are getting more complex because… Problems with CAPTCHA • Visual CAPTCHA can and has been broken – Must be easy enough for humans to read but too hard for computers to OCR. – Yahoo’s EZ-Gimpy: Problems with CAPTCHA • Send the CAPTCHA image to a real human – People can decode 100’s of CAPTCHAs an hour – SPAM Bot sends CAPTCHA image to human – Human decodes and sends back – Strip tease CAPTCHA game Problems with CAPTCHA • Reuse CAPTCHA image session id – Has to do with HTTP protocol and Cookies • Server sends CAPTCHA image with attached cookie containing Session ID to user. • Real person completes CAPTCHA and returns it but saves session ID cookie • Valid session ID = Completed CAPTCHA • Session ID is reused by spam bot and server thinks it’s a real person. Alternative CAPTCHAs • Have user do a simple math problem (What is two plus four?) • Ask the user to select a “duck” from a series of images And finally References • Jeff Atwood. “Captcha Effectiveness”. 10/25/2009 Coding Horror (blog) • Free Online OCR Service, http://www.onlineocr.net/default.aspx • Greg Mori, Jitendra Malik. “Breaking a Visual CAPTCHA”, http://www.cs.sfu.ca/~mori/research/gimpy/ • The Official CAPTCHA Site, http://www.captcha.net/ • Oren Yaniv, Helen Kennedy. “California hackers who grabbed Ticketmaster's best online tickets are clever, not crooks: lawyer”, http://www.nydailynews.com/news/ny_crime/2010/03/03/2010-03- 03_clever_not_crooks_says_tix_scam_atty.html, published 3/3/2010 • Wikipedia contributors, "CAPTCHA," Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/w/index.php?title=CAPTCHA&oldid=348608473 (accessed March 9, 2010).
Pages to are hidden for
"CAPTCHA"Please download to view full document