Coffeehouse Thread

25 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

CAPTCHA Busted

Back to Forum: Coffeehouse
  • User profile image
    GoddersUK

    http://news.bbc.co.uk/1/hi/technology/7067962.stm

    And spammers have found their way around another one of the defenses against them.

    Sad

  • User profile image
    ScanIAm

    I think we had a thread about this a year or so ago where we talked about the possibility of doing this.  Those rat-b@stard spammers Sad

  • User profile image
    Ion Todirel

    Sad man i loved captcha

  • User profile image
    ScanIAm

    OK, since we're such great prognosticators, what could we replace CAPTCHA with?

    It has to be something that requires a human to think, but also would trick someone who wasn't actually viewing the whole page.

    Maybe you choose from a list of questions like:

    1) how many vowels are in your username.
    2) how many textboxes are on this login screen.
    3) ???

    It has to be something randomized, though.

  • User profile image
    Ion Todirel

    ScanIAm wrote:
    OK, since we're such great prognosticators, what could we replace CAPTCHA with?

    It has to be something that requires a human to think, but also would trick someone who wasn't actually viewing the whole page.

    Maybe you choose from a list of questions like:

    1) how many vowels are in your username.
    2) how many textboxes are on this login screen.
    3) ???

    It has to be something randomized, though.
    cool idea

    3) whats your windows version? (you can get this from the Request object)

    the problem is that you cant have an infinit set of those questions and after some time they will break this, so its not good in long term, maybe a button that will make a sound like: "hello you are dead" and you will have to type what you have heard, replace the image with sound

  • User profile image
    DoomBringer

    Just about any conceivable method can be undone with the same technique as this thing, though -- behold the power of teh inter-prons. 

  • User profile image
    W3bbo

    CompGuy101 wrote:
    Simple math problems...but instead of text, use a captcha number.


    On the contrary, I proprose incredibly hard math problems (stuff like integrals, hyperbolics, or catastrophe theory if I'm feeling evil). This has numerous advantages:

    • It means only intelligent people are members
    • Not even OCR software would work, since OCR fails terribly at reading complex typesetting. It's going to get confused with greek letters, large operators, and all that
    • The site could make a bunch of money by putting proper math problems as the CAPTCHAs. The site could use the user-generated solutions as an income source as it submits them to the problem's organizers.
      • Although one saying "Prove (or disprove) that the complexity classes P=NP" is a little too far.
        • No, no jokes about N=1
    Requiring CC payment kept the kids out of SA, I don't see why a little degree level CAPTCHA can't keep the idiots out of technical forums Wink

  • User profile image
    Matthew van Eerde

    This technique has been around for a while.

    Personally I think CAPTCHA's biggest drawback is it discriminates against people who can't see the image.

  • User profile image
    Angus

    W3bbo wrote:
    
    CompGuy101 wrote:
    Simple math problems...but instead of text, use a captcha number.


    On the contrary, I proprose incredibly hard math problems (stuff like integrals, hyperbolics, or catastrophe theory if I'm feeling evil). This has numerous advantages:

    • It means only intelligent people are members
    • Not even OCR software would work, since OCR fails terribly at reading complex typesetting. It's going to get confused with greek letters, large operators, and all that
    • The site could make a bunch of money by putting proper math problems as the CAPTCHAs. The site could use the user-generated solutions as an income source as it submits them to the problem's organizers.
      • Although one saying "Prove (or disprove) that the complexity classes P=NP" is a little too far.
        • No, no jokes about N=1
    Requiring CC payment kept the kids out of SA, I don't see why a little degree level CAPTCHA can't keep the idiots out of technical forums


    That is (I would say) an incredibly bad idea. It might be useful to ensure that the people on a forum have a certain level of Mathematical knowledge, but it is rather pointless for anything else (I believe). (If one aims to limit [severely] the number of members [on a forum] then this might work [as the sub-set of the people who could actually solve these problems would be very small {proportionally}]).

    I do like the idea of a challenge (personally), and therefore I might like to attempt to solve something (of this manner [merely for fun]). It is still a very bad idea (in the vast majority of cases).

    Angus Higgins

  • User profile image
    Vasudev

    Has anybody tried Asirra ?
    About which I had posted : Secure your website with cats and Dogs
    long time back.

  • User profile image
    elmer

    CompGuy101 wrote:
    Simple math problems...but instead of text, use a captcha number.


    How about: What number am I thinking of ?

  • User profile image
    Matthew van Eerde

    W3bbo wrote:
    No, no jokes about N=1


    How about P = 0?

  • User profile image
    blowdart

    W3bbo wrote:
    
    • It means only intelligent people are members



    Ah so no more w3bbo posts

    (*snicker*)

  • User profile image
    stevo_

    I quite like the honey pot idea where random hidden fields are included in the form (hiden with css, not hiden type)..

  • User profile image
    Adrian​JMartin

    That CAPTCHA implementation is busted.

    a good CAPTCHA system should dynamically create it's image, it should never show the same image twice - which is why the mentioned system is busted.

    Jeff Atwood has more to say here:

    http://www.codinghorror.com/blog/archives/000712.html

    and BrotheCake (!) has this to say:

    http://www.sitepoint.com/blogs/2007/09/10/dont-make-users-take-responsibility-for-our-problems/




  • User profile image
    Dodo

    How about giving each person on earth an email address, ongoing the day they're born, and everything could require email activation then.

    hmmm... OK it's dumb...

  • User profile image
    W3bbo

    stevo_ wrote:
    I quite like the honey pot idea where random hidden fields are included in the form (hiden with css, not hiden type)..


    Then you run the risk of people running without stylesheets not being granted access to your site.

    I think email confirmation, in conjunction with a captcha on the "thanks for confirming your email address" page works best.

  • User profile image
    Dodo

    W3bbo wrote:
    I think email confirmation, in conjunction with a captcha on the "thanks for confirming your email address" page works best.
    OK, what to do for registration for an email address?
    Wanna see you getting an activation email for an email address registration. Big Smile

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.