WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Defeating CAPTCHA

From: Subs <subs () steelesoftconsulting com>
Date: Fri, 26 Aug 2005 00:12:52 -0700
To the list,
What if you used a combination of random images linked by tag name ontologies with a random font overlayed on the image used in a synonymic fashion?
For instance a picture of our planet, with text overlaid something like "3rd Rock From the Sun", "Home" or "Planet" with a question like What Would You Call This?
The answer expected to be a case insensitive "Earth" (definitely not a pre-build select list like some systems I've seen).
It seems that a large enough vocabulary linked by tags to another large collection of easily humanly-recognizable pictures would be hard for computer cognitive processes to succeed.
W Fonts x X Images x 3Y Tags => Z Words seems like it could be extremely large, but it is late :)
This of course is not considering the other problems with CAPTCHA, such as accessibility or DOS attacks, just interested in what other people might think about this approach, and it's possible attacks. 

Thanks,
  John
This was linked off of slashdot (http://it.slashdot.org/article.pl?sid=05/08/24/1629213&tid=172&tid=95) and explains some of the ways people are breaking CAPTCHA (http://en.wikipedia.org/wiki/Captcha) based systems. 

http://sam.zoy.org/pwntcha/

- Robert
robert_at_webappsec.org
http://www.cgisecurity.com


--
/* Steelesoft Consulting     John Steele - Systems Analyst/Programmer
 *  We also walk dogs...  Dynamic Web Design, PHP/MySQL/Linux/Hosting
 *  http://www.steelesoftconsulting.com/
 */
Previous By Date Next
Previous By Thread Next

Current thread: