[SEC] CAPTCHA

[Gouki]

People can get a better understanding of what CAPTCHA is by reading this wiki page.

For a couple of years (?) now, implementations of CAPTCHA were ugly and funless. Allot of sites have been implementing this technology to verify that in fact, there is a user behind the computer and not just a bot trying to spam some Digg articles or registering on MSFN. The implementation was fairly simple and basic. A image that would be hard for a computer (computer as in bot) to 'dechiper' but easy for a human being.

A new form of this security measure has been invented, involving cats. You can test it here.

Older versions (and the ones that are implemented now), are easy to break. Different IPs addresses could be trying different combinations until one finnaly is correct. The different IP addresses would allow the attacker not to be blocked for abusing the service. Experts believe that this new form of human verification will give much better results, however, I dont think that's the case.

If only one person uses this (wich is not going to happen), he will be really 'safe'. However, as people start to adpot this new verification process, attacks will start to appear.

The method used is a 3x3 grid with 3 kittens. On the total of 9 available images, only 3 are the correct ones. That makes a total combination number of 84 possible correct 'answers'.

Something that the author forgot was that, if the kittens database (never thought I used db and kittens on the same sentence) has a small number of kittens, a user could educate a computer and tell him (him as in PC) wich ones are the kittens). Of course having a 10.000+ database of kittens is not a option, so we can expect some major hacks on this method.

To make things even more fun, consider adding some sort of image recognition to the bot.

I know some people will take this is allot more than what we actually need to protect spam on Digg (for i.e), but maybe having some sort of sound would be a nice idea. A rock sound was played, and the user would have to click Ozzy Osbourne image.

So, what do you think about this new 'brilliant' method?

Speaking of Digg, I just found this submitted. Digg it

[RogueSpear]

This comment is a little off topic, but as a cat owner, that "Flo Control" project just about had me splitting my side.

That's a pretty interesting post though and certainly makes for some good reading. I imagine that this variation on determining if someone "human" or not will catch on in certain areas.