All's well that ends swell
|
|
|
Advertisement
Subscribe to INQ newsletters
Advertisement
INQ Poll
If a human can read, a program can r ead too.
Oh yes?is it as easy as you say?
So Why Yahoo or Google are Still alive?
re: semantics comment.

Whilst you'd like your question to be unanswerable by a computer, the second you re-use any question, it's simply a case of storing questions and answers in a database.

You would have to permanently assign a member of staff to manually generate new unique questions.

You couldn't let your users generate the questions either, since you cannot assume zero malicious users.
That captcha is useless has been known for a while. What's needed is a semantic replacement for it.

So, you face a form, with the question "which of the following is not a part of a healthy diet

Orange,
Apple,
Poop"

with a request to enter the correct answer in a text box. Vary the question, make it more complex even, the point is to make the test semantic. Computers are shite at semantics. You can't brute-force inherent meaning.
We figured out how easily CAPTCHA was broken last year for two reasons.

1). Anyone who's ever used Yahoo chat knows there CAPTCHA system, designed to keep out porn bots worked maybe a few weeks.

2). Our website commenting system, utilizing what was considered a secure CAPTCHA system became innundated with viagra bots until we implemented additional measures (Hashcash).

Here at the INQ your comment systems CAPTCHA is as weak as everyone elses. I hope you're using Hashcash or some other algorithmically taxing safety net. Pretty simple to implement too. www.hashcash.org

Scott
Enter the Voight-Kampff test.
(http://en.wikipedia.org/wiki/Voight-Kampff_machine)

(lol, a captcha is needed to submit a comment)
Go on. Get rid of the captcha on the comments if they don't work :)
I still had to use one to comment on this article, which has turned this comment into a kind of self-fulfilling thingamabob.
Irony...

http://img239.imageshack.us/my.php?image=easilyhackablecf7.jpg
yliogjcally not. Why would anyone bother?
The comments are easily hackable.
Surely with ReCaptcha then the easily OCR'd images would by definition not exist unless the baddies are using fancier algorithms than the people digitising the books (which is entirely feasible).

Hmm, TheINQ uses a Captcha for this comments page.
Man you are just saying rubish, you are just a average jornalist. Don't make yourself even more stupid that what you are alread.
So why your captcha is still here
Simple you lock the number of refreshes of a captcha per IP surely? 

So they have a botnet and you have locked refreshes of the captcha per IP to say 10? You can quickly get a map of the botnet's addresses because you'll have lots of captcha requests that fail 10 times. 

With such a list you could then block parts of a botnet by IP release the block every 7 days just in case the zombies release their IP to get another one (something that requires losing contact zombie until it reconnects to the internet), some zombies will be connected to cable infrastructures which require a lot more work to release the IP, meaning that the zombie pc will be blocked, as in the example, for 7 days.