CAPTCHAs. In the absence of a Voigt-Kampff apparatus, they're what separate the humans from the only-posing-to-be-human. And now three Stanford researchers have further blurred that line with Decaptcha, a program that uses image processing, segmentation and a spell-checker to defeat text-based CAPTCHAs. Elie Bursztien, Matthieu Martin and John Mitchell pitted Decaptcha against a number of sites: it passed 66% of the challenges on Visa's Authorize.net and 70% at Blizzard Entertainment. At the high end, the program beat 93% of MegaUpload's tests; at other end, it only bested 2% of those from Skyrock. Of the 15 sites tried, only two completely repelled Decaptcha's onslaught -- Google and reCaptcha. So what did the researchers learn from this? Randomization makes for better security; random lengths and character sizes tended to thwart Decaptcha, as did waving text. How long that will remain true is anyone's guess, as presumably SkyNet is working on a CAPTCHA-killer of its own.

0 Comments

Stanford program cracks text-based CAPTCHAs, shelters the replicants among us