In February, Web security firm Websense announced that CAPTCHAs at Google, Microsoft and Yahoo!
But in July, reports surfaced that the services' upgraded CAPTCHAs had also been defeated.
"There are some obstacles we need to overcome in duplicate detection and captchas, " he says.
When the failure rate of humans and the success rate of bots converge, CAPTCHAs will become meaningless.
FORBES: Artificial Intelligence Will Defeat CAPTCHA -- How Will We Prove We're Human Then?
CAPTCHAs definitely serve an important function, keeping spammers from mass-creating email accounts or junking up comment streams.
FORBES: Those Scrambled Word Tests For Stopping Spambots Are Tough For Humans Too
Because blind Web surfers use automatic reading software to interpret pages, CAPTCHAs represented insurmountable walls on Target's site.
More generally, CAPTCHAs have a bigger problem: Teams of people in India and China working to solve the puzzles for pennies.
The company claims that a PlayThru presents users with five levels of interaction, a significant step up from the OCR of CAPTCHAs.
FORBES: Artificial Intelligence Will Defeat CAPTCHA -- How Will We Prove We're Human Then?
First, a boatload of strategies are posted around the web about how to improve recognition in scripts in order to break CAPTCHAs.
FORBES: Artificial Intelligence Will Defeat CAPTCHA -- How Will We Prove We're Human Then?
In a presentation at August's DefCon hacker conference, security researcher Michael Brooks showed how those audio CAPTCHAs can be disassembled by computers.
CAPTCHAs are commonly used for user registration, contact forms, or failed logins.
FORBES: Artificial Intelligence Will Defeat CAPTCHA -- How Will We Prove We're Human Then?
And that, after all, is just what CAPTCHAs are meant to achieve.
Require CAPTCHAS. As annoying as this is it stops brute force attempts and assures your customers that you are protecting their accounts.
Instead of farming the captchas out to people who cracked them for money, they would trick the owner of the machine into helping.
Libraries of solved CAPTCHA images have also been collected, thanks to sites around the web that pay people fractions of pennies to solve tons of CAPTCHAs.
FORBES: Artificial Intelligence Will Defeat CAPTCHA -- How Will We Prove We're Human Then?
Sites that use CAPTCHAs typically tolerate a certain failure rate for humans, but may lock out access from an IP if the failed attempts exceed a threshold.
FORBES: Artificial Intelligence Will Defeat CAPTCHA -- How Will We Prove We're Human Then?
Ultimately, cracking captchas represented a cost to the attackers.
Now, thanks to the Target ruling, CAPTCHAs must also offer an audio option--a distorted recording of letters and numbers read aloud that's often far easier for a computer to interpret than a distorted image.
In a study presented at the IEEE Spectrum symposium on privacy and security last month, a group of Stanford researchers collected more than 300, 000 CAPTCHAs used by popular Web companies like Google, Microsoft, and Yahoo!
FORBES: Those Scrambled Word Tests For Stopping Spambots Are Tough For Humans Too
Amazon Mechanical Turk used to be a popular one, but now a number of independent sites are around, such as Death by CAPTCHA. Clever hacks have even been developed for audio CAPTCHAs that merely deconstruct waveform shapes to identify what numbers are being spoken.
FORBES: Artificial Intelligence Will Defeat CAPTCHA -- How Will We Prove We're Human Then?
应用推荐