Beng Hacks: CAPTCHA pwned?

Monday, August 29, 2005

CAPTCHA? WTF is CAPTCHA? Basically, ever see these suckers b4?







Basically these 3 images are CAPTCHA images from Hotmail, Yahoo and phpBB. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. The idea is that only a human is able to decipher the image and type the text inside the image to 'prove' that he is human and not a bot.

Well, interestingly enuff, this guy at http://sam.zoy.org/pwntcha/ managed to write a program that can decode these images and break thru CAPTCHA. I dunno, it seems like yeah it's possible to break it IF someone is really serious. Some even talk about other ways like using logic test, credit card, etc, but I think u really need to think about whether it's worth all that trouble. I think it's still good enough to defeat 99% of spam. 1%, I filter myself. I don't think ppl will be so interested in my blog to fill it with spam. At most I delete lor simple.

Recently blogspot added captcha. Thumbs up! CAPTCHA is surprisingly easy to set up. PHP has built-in captcha libraries and comes in 2 versions, TTF (imagettftext which requires TTF) and non-TTF (imagestring which works straight away). If u run a blog-style website or web forum, make sure u get one that supports captcha, unless u like all sorts of nonsense on ur website.
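The non-TTF route mentioned above, as an added example that is not code from the original post: a single PHP file that draws the code with `imagestring()` and checks the answer server-side. It assumes the GD extension is loaded; the `?img=1` switch and the `captcha` session/form key are names made up for this sketch.

```php
<?php
// Added example: non-TTF CAPTCHA using GD's imagestring().
// The answer lives only in the server-side session and is valid for one attempt.
declare(strict_types=1);
session_start();

const CAPTCHA_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I look-alikes

function captcha_new_code(int $len = 6): string {
    $code = '';
    for ($i = 0; $i < $len; $i++) {
        // random_int() is a CSPRNG; rand()/mt_rand() output is predictable
        $code .= CAPTCHA_ALPHABET[random_int(0, strlen(CAPTCHA_ALPHABET) - 1)];
    }
    return $code;
}

function captcha_send_image(string $code): void {
    $img = imagecreatetruecolor(130, 40);
    imagefill($img, 0, 0, imagecolorallocate($img, 255, 255, 255));
    $ink = imagecolorallocate($img, 30, 30, 30);
    for ($i = 0; $i < 6; $i++) { // a few noise lines across the image
        imageline($img, random_int(0, 129), random_int(0, 39),
                  random_int(0, 129), random_int(0, 39), $ink);
    }
    foreach (str_split($code) as $i => $ch) {
        // built-in font 5 (9x15 px), vertical position jittered per character
        imagestring($img, 5, 10 + $i * 19, random_int(5, 20), $ch, $ink);
    }
    header('Content-Type: image/png');
    header('Cache-Control: no-store'); // never serve a cached (stale) challenge
    imagepng($img);
}

function captcha_check(string $answer): bool {
    $expected = $_SESSION['captcha'] ?? null;
    unset($_SESSION['captcha']); // single use: a wrong guess needs a fresh image
    return is_string($expected) && hash_equals($expected, strtoupper(trim($answer)));
}

if (isset($_GET['img'])) {               // <img src="captcha.php?img=1">
    $_SESSION['captcha'] = captcha_new_code();
    captcha_send_image($_SESSION['captcha']);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $in = $_POST['captcha'] ?? '';
    echo captcha_check(is_string($in) ? $in : '') ? 'ok' : 'wrong code, reload the image';
}
```

The drawing itself is the weak part that image decoders target; the session storage, single-use check and `random_int()` are what keep the answer from being replayed or predicted.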

2 Comments:

Anonymous said...

What about http://www.captchasolver.com? It's an automated captcha solving web service and it's able to solve any type of captcha.

12:22 PM

Dmitry said...

And one more piece of advice. Be sure that the captcha is secure enough. For example, phpBB uses a very simple captcha which could be very easily decoded. Writing a decoder for this captcha took about 1 hour for me.

6:12 AM  
