Comments on: Defeating Digg’s CAPTCHA

By: T=Machine » Austin GDC: Vote for your conference

T=Machine » Austin GDC: Vote for your conference — Mon, 16 Jul 2007 19:03:53 +0000

[...] case, the only question is “can we pass step 3?”. “But email providers have captchas, that stop automated account creation!” I hear you cry. Ahem. Even if they did (stop you automatically creating email addresses) the [...]

By: Josh's Query

Josh's Query — Fri, 01 Jun 2007 23:31:10 +0000

Greetings & thanks for writing this article … it was an excellent read. It’s sad to see how easily captcha security can be defeated.

I just spent an afternoon or so writing an animated gif captcha (check the web site). I am assuming that decoding a series of pictures would be more difficult than just a flat one, but I don’t know that for sure.

Any chance on getting you to take a look at it from a security perspective and pointing out some of my weak points. Source is included just in case you need to look around for a break-in point.

Thanks in advance

By: someone

someone — Wed, 14 Mar 2007 01:59:24 +0000

Actually a better thing to do is ask questions, such as “What is the 3rd letter in this sentance” or “Write the following word below ‘y’”

These are harder to defeat by bots (since you can personalise them) as well as being solveable by people who are blind and require a screen reader.

By: Brent

Brent — Fri, 19 Jan 2007 14:29:47 +0000

Zork,

This wasn’t about feeling all big, this was to showcase one method someone might go about cracking a CAPTCHA. Hopefully providing some insight on how to design better CAPTCHAs.

By: Zork

Zork — Thu, 04 Jan 2007 21:44:31 +0000

You guys don’t get it. Spend this time writing a better CAPTCHA or something else that will provide the same functionality. I see no talent here in cracking an existing one. Help out a little and build something usefull, instead of feeling all big because you can crack something you know is obviously crackable.

By: Steven

Steven — Wed, 29 Nov 2006 19:54:35 +0000

sorry…

http://www.animierte-captcha.de

By: Steven

Steven — Wed, 29 Nov 2006 19:54:10 +0000

Look at this captcha - its animated. The whole code is not visible - only a part of it. A visitor can solve the captcha - but no robot.

By: Tim Wilkins

Tim Wilkins — Sun, 10 Sep 2006 10:23:22 +0000

Interesting article, I hope these CAPTCHAs go out of fashion soon, they are a real nusciance.

By: WaltDe

WaltDe — Fri, 01 Sep 2006 14:58:07 +0000

Very good reading. Peace until next time.
WaltDe

By: anonymous

anonymous — Wed, 19 Jul 2006 21:19:37 +0000

Quite correct, Brent. Several organizations use and modify GPL’d software internally, e. g. the US Dept. of Defense. They don’t release their code outside of the organization. That’s one of the freedoms that the GPL provides: the keeping of your tweaks to yourself if you want.

Thank you for presenting this article. Security through obscurity is not security at all, and as the Microsofts and Apples of the world continue to prove again and again, it never has been. The more that we share information, the better armed we all are to defend ourselves against the baddies out there. The OpenBSD team’s work is an excellent example of this, as is the book “Applied Cryptography”. You did a good thing here.