Digg’s Evolving CAPTCHA

October 2nd, 2005

Approximately 30 hours after I posted Digg made a change to CAPTCHA by altering the foreground colors and background colors, alternating normal and bold face, and mixing upper an lowercase letters. With the a slight modification to my program (not making all letters lowercase) it reduced my program’s accuracy to 11 % (out of 200 samples). But there was another problem, approximately 15% were not human solvable.

Examples:

I’m sure they received complaints and they changed it again, this time altering the thickness of the background lines and dropping the dictionary words, this new version also seems to only produce ~1% human unsolvable.

More Examples:

My past technique would no longer work. While it is definitely better, it still has the weakness of a consistent font and placement. If I wanted to break it again, I could take samples of colors from the areas I know would not be letters, remove them, and train the OCR to the font they use. I won’t be demonstrating how because ultimately I want to continue to use digg and they are obviously aware of the problem now.

Now onto another CAPTCHA that will be 100% breakable…

Filed under: Security,Software by Brent | Comments (0)

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI Over 23 Million domains use PHP
Over 4.5 million PHP developers
Only 1 PHP Professional development Tool
Get Zend Studio today! Click Here

No Comments »

Leave a comment