[SGVLUG] Meeting Thur 7/11 7-9pm + Captcha

matti mathew_2000 at yahoo.com
Mon Jul 9 18:00:53 PDT 2007 

Hi!

Remember, we have a meeting planned for
thur nite 7/11..

www.sgvlug.org

please help spread the word!

Oh, and I was reading a bit on Captchas
and found it interesting enough to share

article referred to on /.

http://tech.blorge.com/Structure:%20/2007/07/08/spammers-overcome-hotmail-and-yahoo-captcha-systems/

wiki reference
http://en.wikipedia.org/wiki/Captcha

more references

Breaking a Visual CAPTCHA
http://www.cs.sfu.ca/~mori/research/gimpy/

Best Captcha Ever (haha)
http://www.thehumorarchives.com/joke/Best_Captcha_Ever

oh and some fun references to turks...
(see comments below)
http://en.wikipedia.org/wiki/Mechanical_Turk

http://www.mturk.com/mturk/welcome


enjoy
matti

--

2 most interesting to me (so far) /. comments..

unsurprising
(Score:5, Interesting)
by kuzb (724081) on Monday July 09, @04:06AM (#19797293)
One of the things I get tasked with at work is handling forum and
service spam. Of all the methods I've used to deter spammers, captchas
rank among the least effective. A lot of people seem to think the
answer is in changing the nature of what the user has to interpret.
I've had suggestions ranging from audio captchas to math problems, and
dozens of others that lead to the same kinds of problems - you're
making it hard, or in some cases, impossible for legitimate users to
use your service. Language barriers rank among the biggest problem. Say
you have a picture of an apple, and the user is supposed to type
'apple'. It falls short when you realize the person viewing it may not
speak english at all, or may have no idea how to spell 'apple' in
english. Same with audio captchas.

The most effective (surprisingly) were form fields hidden with CSS so
the users don't enter data in to them, but bots will. You can reject
the entire post at that point. It's not universally effective (some
bots will actually look at your CSS to determine if you're doing this)
but it sure cuts down on a lot of bogus posts. Another method is to
generate a form key of some kind, and use that to verify that the form
is only good once. this slows spammers down because in order to post
again and again, they have to reload the page in order to get a new
key. many don't do this, and will attempt to use the same key over and
over. if you use a few of these methods, and track repeat offenders,
you can add them to your firewall rules so they can't even load the
page. Of course, most serious spammers will use hundreds of IPs, so
it's difficult to get them all.

It's important to realize that this is a fight you simply can't win -
if they're serious about getting through, they'll get through. The most
you can hope to achieve is to slow them down long enough to come up
with an improved solution.

---


Creative CAPTCHA
(Score:5, Interesting)
by QuoteMstr (55051) on Monday July 09, @04:42AM (#19797513)
As luck would have it, I stumbled across a twist on the captcha concept
while registering for a site. Instead of asking the human user to
correctly enter the word displayed in an image, it presented the user
with a grid of images. About half of them were of cars. The other half
were cats.

The site just asked the user to check off each image representing a
living thing.

Simple, and brutally effective against current AI. I can think of
various tricks one can use to make the comparison more difficult as
well.

How long until we're using the kind of tests we saw in Blade Runner?

---









       
____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's 
Comedy with an Edge to see what's on, when. 
http://tv.yahoo.com/collections/222

More information about the SGVLUG mailing list