Forum latest

  • Happy Birthday Daniel ~!
    Allan, how very cool to hear from you! I hope that it goes well for you and your fami...
  • Happy Birthday Daniel ~!
    Does "Happy belated birthday wishes" even cover this by now? :-) Not sure it does! S...
  • It's true..
    Watched "Now You See Me 2" last night. Been a while since the first one, so I'm not a...
Researcher Cracks ReCAPTCHA
Security
Written by Daniel   
Friday, 20 August 2010 16:48

From Dark Reading

A researcher earlier this month demonstrated how he solved Google's reCAPTCHA program even after recent improvements made to the anti-bot and anti-spam tool by the search engine giant.

 



Chad Houck, an independent researcher, also released the algorithms he wrote to crack reCAPTCHA. Houck had published a white paper on the hack prior to presenting his research at Defcon in Las Vegas, and says that Google made several fixes to reCAPTCHA that defeated several of his algorithms before he was scheduled to give his presentation. He then quickly came up with a few additional approaches with his algorithms, and says he was able to beat the updated reCAPTCHA 30 percent of the time.

"[ReCAPTCHA] has never been wholly secure. There are always ways to crack it," says Houck, whose algorithms have been available online since Defcon. "The information [about the research] is out there. Google still hasn't changed it, which kind of surprises me."

Google, however, thus far has not seen any signs of this being actively used in the wild.

A Google spokesperson says the company had strengthened the verification words in the program both before and after Houck's paper was published. "We introduced changes both before and after its appearance to improve the strength of our verification words," the spokesperson says. "We've found reCAPTCHA to be far more resilient while also striking a good balance with human usability, and we've received very positive feedback from customers. Even so, it's good to bear in mind that while CAPTCHAs remain a powerful and effective tool for fighting abuse, they are best used in combination with other security technologies."

[More...] [Comments...]

 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either