To block spam and brute-force attempts, whether during account registration or form submission, sites the world over use captcha codes. Until now, these codes had to be entered by humans, but this is changing with the discovery of a new way to decipher them.
Captcha stands for Completely Automated Public Turing Test to differentiate between Computers and Humans. It was invented by a Carnegie Mellon University computer science graduate student in 2000 as a security tool to safeguard web sites from automated bot attacks and spammers.
A team of researchers at Stanford has outsmarted captcha codes. Their tool, built to break this anti-spam measure, was able to strip away captcha's protective cover.
“As we substantiate by thorough study, many popular websites still rely on schemes that are vulnerable to automated attacks. For example, our automated Decaptcha tool breaks the Wikipedia scheme… approximately 25% of the time. 13 out of 15 of the most widely used current schemes are similarly vulnerable to automated attack by our tool. Therefore, there is a clear need for a comprehensive set of design and testing principles that will lead to more robust captchas.”
Decaptcha is capable of isolating the text from the noise in a captcha image. On the cleaned-up text image, it then runs a smart OCR (optical character recognition) step to translate the image to text. Each text character is identified individually.
The prototype was able to break captchas on real-world websites. The captcha on Visa's Authorize.net payment gateway was defeated 66 per cent of the time. eBay's captcha was sidestepped 43 per cent of the time. Lower success rates were recorded at Wikipedia, Digg and CNN.
Google and reCAPTCHA were the only two that beat the Stanford team's automated tool, with no gotchas for either one.
More details: PDF