Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Next-Generation CAPTCHA Exploits the Semantic Gap

Posted by kdawson on Wednesday April 23, @08:03AM
from the stand-and-identify dept.
Security Software IT
captcha_fun writes "Researchers at Penn State have developed a patent-pending image-based CAPTCHA technology for next-generation computer authentication. A user is asked to pass two tests: (1) click the geometric center of an image within a composite image, and (2) annotate an image using a word selected from a list. These images shown to the users have fake colors, textures, and edges, based on a sequence of randomly-generated parameters. Computer vision and recognition algorithms, such as alipr, rely on original colors, textures, and shapes in order to interpret the semantic content of an image. Because of the endowed power of imagination, even without the correct color, texture, and shape information, humans can still pass the tests with ease. Until computers can 'imagine' what is missing from an image, robotic programs will be unable to pass these tests. The system is called IMAGINATION and you can try it out." This sounds promising given how broken current CAPTCHA technology is.

Related Stories

[+] Windows Live Hotmail CAPTCHA Cracked, Exploited 358 comments
eldavojohn passes along what may be the last nail in the coffin for CAPTCHA technology. Coming on the heels of credible accounts of the downfall of first Yahoo's and then Gmail's CAPTCHA, Ars Technica is reporting on Websense Security Labs' deconstruction of the cracking and tuning / exploitation of the Live Hotmail CAPTCHA. Ars calculates that a single zombie computer can sign up over 1400 Live Hotmail accounts in a day, and alternate account creation with spamming. Time to dust off Kitten Auth?
Firehose:Next-generation CAPTCHA Exploits the Semantic Gap by Anonymous Coward
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Next-Generation CAPTCHA Exploits the Semantic Gap 25 Comments 87 More | Login | Reply /

13 Full
12 Abbreviated
0 Hidden
87 More | Login | Reply
Loading... please wait.

  • Too hard. (Score:5, Insightful)

    by Whiney Mac Fanboy (963289) * <whineymacfanboy&gmail,com> on Wednesday April 23, @08:03AM (#23169862) Homepage Journal
    The general public will not know what "geometric" means*.

    This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.

    *or annotate... or centre

    • Blind people? (Score:4, Insightful)

      by tepples (727027) <slash2006@pinei[ ].com ['ght' in gap]> on Wednesday April 23, @08:09AM (#23169910) Journal

      As Captchas get harder more humans will fail them.
      And as the population of the Internet grows, more blind and hard-of-sight people will be using the Internet, and they will fail visual tests deployed by web site operators who don't bother to deploy a decent audio test.

      • Re:Blind people? (Score:5, Interesting)

        by Ngarrang (1023425) on Wednesday April 23, @08:22AM (#23170042) Journal
        The blind and hard-of-sight have always been poorly served by what is a very visual medium. I don't think will be changing anytime soon. And for that matter (and this may across harsh), I don't if it should be a concern. Do we lament that the blind and h-o-s cannot drive?

        The cost of being all-inclusive can be too high for some budgets.

        • Re:Blind people? (Score:4, Insightful)

          by csnydermvpsoft (596111) <csnyder@mvpsoft.com> on Wednesday April 23, @08:52AM (#23170284) Homepage
          The blind are able to use braille displays and screen readers to access well-designed sites. The whole point of CAPTCHAs, however, is to have images that computers are unable to read. Accessible design and CAPTCHAs have exactly opposite goals.

          The Internet is becoming much too important to leave a significant amount of the population (pardon the pun) in the dark. We have the technology to help the blind navigate web sites independently. Unfortunately, CAPTCHAs are hindering much of that progress.

          • Re:Blind people? (Score:5, Insightful)

            by Ngarrang (1023425) on Wednesday April 23, @09:03AM (#23170402) Journal
            csnydermvpsoft wrote, "The Internet is becoming much too important to leave a significant amount of the population (pardon the pun) in the dark. We have the technology to help the blind navigate web sites independently. Unfortunately, CAPTCHAs are hindering much of that progress."

            No, spammers are. The root problem of this "solution" is the spammers, who do not care our personal feelings of privacy. They don't care that their messages cause everyone else's costs to rise.

            Without CAPTHA technology, none of the web mailers would be usable, as they would all be blocked by every known blacklist.

            For this reason, I think the penalties for convicted spammers should be far higher than what they are now. Their actions are subverting the ease of use for a very large group of people.

            • Re: (Score:3, Insightful)

              by jackb_guppy (204733)
              CAPTHA are already dumping people with color issues, not blind but do not have the ability to perceive color differences.

              Others are using letters / numbers that after distortion could be a,d,9,g for example.

              Personal, I give a site two tries before I give u

      • Don't forget users of lynx (Score:4, Interesting)

        by Nursie (632944) on Wednesday April 23, @08:30AM (#23170122) Homepage
        It annoyed me mightily the day slashdot introduced captchas for comments when you weren't already logged in. And somehow broke the login process from lynx.

        Lynx is the geek slacker's greatest tool, when run in an ssh session from your home server, not only is the traffic unloggable (except for "he's calling home a bit") but it even looks like work to the uninitiated.

    • The general public will not know what "geometric" means*.

      This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.

      *or annotate... or centre

      If this is the case, do the captchas have the issue, or does humankind?

      • Re:Too hard. (Score:5, Insightful)

        by Smidge204 (605297) on Wednesday April 23, @08:26AM (#23170082)
        Definitely the human's problem, although presumably if a human is smart enough to make it then a human is smart enough to figure it out...

        To be optimistic, I actually like to think of it the other way around:

        CAPTCHAs are providing a valuable evolutionary pressure on machine vision/artificial intelligence development!

        =Smidge=
    • I noticed RapidShare has a new CAPTCHA involving writing only the letters and numbers that have a cat in a certain pose and the rest of the letters have a cat in a different pose. The letters were very distorted and the cats were on top of the letters or

    • The general public will not know what "geometric" means*.

      This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.

      *or annotate... or centre
      Soon we will welcome computers to our online forums for their insightful, informative and interesting comments. The CAPTCHA will be there as an initial filter on the quality of posters. It will exclude stupid computers and stupid people.

  • curses... (Score:2, Funny)

    by Anonymous Coward
    It's already spotted that I am a computer and it won't even load.

  • worthless (Score:5, Insightful)

    by tritonman (998572) on Wednesday April 23, @08:09AM (#23169904)
    who needs to write CAPTCHA exploits when you can just hire 50 chinese kids for 3 cents per day to create email accounts and send spam out for you?

  • Lyrical Response Mechanism (Score:3, Funny)

    by FurtiveGlancer (1274746) on Wednesday April 23, @08:13AM (#23169936)
    Why don't we take a note from TV and have the user sing the missing lyrics of a classic hit. Even if they don't pass, it will make for much more fun around the computer, especially at the office.

  • It's still trivially crackable. (Score:4, Insightful)

    by Jason1729 (561790) on Wednesday April 23, @08:14AM (#23169946)
    All they need to do is offer free porn to people who solve the captchas and embed the captcha in their site. It doesn't matter how sophisticated the test is or hard it is for a machine to do it, they all have that fatal flaw.

    Then there's also the option of paying Warcraft gold farmers to solve captchas and take a break from the game.

    • Re: (Score:3, Interesting)

      by Arancaytar (966377)
      Trivia questions. Most internet communities are dedicated to some kind of specific topic. Even someone who is unfamiliar with the trivia can use Google, which the machine cannot.

      (Also, said trivia questions will be applicable only to one specific site, so
  • Slashdotted already.
  • It should be fairly easy to write an audio CAPTCHA you just have to get someone to read some text. Computers are very poor at speech synthesis at the moment.

      • Re: (Score:3, Insightful)

        by Matje (183300)

        If a computer could recognize the difference between human and computer generated speech, then it would know how to generate human sounding speech.
        Bullocks. Why is this modded informative? You don't provide any backup for your claim.

        It is imaginable to create a model that describes speech characteristics in general and computer speech characteristics in particular. Any sound sample could compared wi

  • Alternative... (Score:5, Informative)

    by martin_henry (1032656) on Wednesday April 23, @08:20AM (#23170006)
    Alternative URL: http://wang.ist.psu.edu/docs/projects/imagination.html [psu.edu]

  • Test site slashdotted... (Score:3, Informative)

    by thrill12 (711899) on Wednesday April 23, @08:26AM (#23170084)
    ...but some more info here [psu.edu] as well as a (ugh) [a href="http://wang.ist.psu.edu/imagination/imagination.ppt">powerpoint and a user study [psu.edu] with some samples.
  • Just hire out cracking it to a mechanical turk service, and log their results to a database. Before long, you'll have a system capable of monte-carlo guessing at a high rate of accuracy. The computer doesn't need to know much about the image to make an educated guess with a large enough data pool of previous solutions.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2008 SourceForge, Inc.