CAPTCHA video defeat

degac(Posted 2012) [#1]
http://www.itworld.com/security/251726/researchers-defeat-video-captcha-antispam-tests

I was reading this news about the (new) violation on the Captcha system, and I got an idea to 'resolve' the problem about this security system.

The idea is quite simple.
Create a mini game (like this old game http://en.wikipedia.org/wiki/Fifteen_puzzle for example, with fewer tiles of course) in HTML5.
If the user resolves the game, pass granted, otherwise nothing.
Maybe with a timer.

And Monkey is the right tool, in my opinion.
(I must register the idea...)
Any ideas?


Floyd(Posted 2012) [#2]
Captcha seems to have gotten less obnoxiously difficult in recent months. I don't know how secure it is and don't really care. That's the site administrator's problem.

Any replacement should stump the bots while being trivially easy for humans. A game/puzzle, no matter how easy, seems like overkill.

I recently visited a site that used a text box containing hundreds of random alphanumeric characters. I had to copy and paste to another box to get access. That was trivial for me. But I've met many people who don't know how to copy and paste.


benmc(Posted 2012) [#3]
@degac I think it's a terrific idea.

The perfect game for this might be the classic "which cup is the ball under" game.

All three cups are up. It shows you which cup the ball is under. It slowly shuffles the cups. You pick the one with the ball and you are through.

It would take a lot for a bot to crack, and it would be easy and fun for someone to do for the captcha.

I also do websites, and clients are asking me often to remove reCaptcha from their sites because the words are becoming ridiculously hard to figure out.

Something like this would be a beautiful alternative.


degac(Posted 2012) [#4]
@benmc: glad to see you like the idea

@floyd: the 'game' idea can be replaced with something less overkill, maybe a 'slide to unlock' version of iOS or 'connect the points'; everything you need is a 'human interaction' with mouse and not so easy (for today's standards) simulable by a computer.

Cheers


Paul - Taiphoz(Posted 2012) [#5]
The cup idea is a bad one, it would only stop 2 thirds of the bots, and 1 third would still get through, the bots would simply pick option 1 all the time.

A better idea would be something that used a little AI so that the outcome cannot be predicted, nor giving a generic answer provide a decent entry number.


Floyd(Posted 2012) [#6]
maybe a 'slide to unlock'

It never occurred to me before but that's a sliding block puzzle with one block. And I see those all the time on my phone for things like turning an alarm on or off.


Soap(Posted 2012) [#7]
They are to stop bots not humans... to be effective you would need your game to be entirely server based (otherwise the bot would skip the game and just say win=true), and even then bots could be written to beat your game. WoW has bots, match 3 games have bots. Even abstract games could and would have bots if it was profitable for someone to write them.

The best anti-bot system is one which is custom to a site (like asking simple domain specific knowledge based questions on sign up) and then hope your own site doesn't become the explicit target of spammers.
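
The server-side point in the post above, as an added example that is not part of the original thread: a Node.js sketch in which the server keeps the puzzle state and replays the submitted moves itself, next to the client-trusting check a bot bypasses with win=true. The board size, time limit, move cap and all function names are assumptions made for illustration.

```javascript
// Added example (not from the thread): server-side check for a sliding-tile CAPTCHA.
const { randomBytes, randomInt } = require('crypto');

const SIZE = 3;                 // assumed 3x3 board, 0 marks the empty slot
const TTL_MS = 60_000;          // assumed time limit per challenge
const MAX_MOVES = 200;          // assumed cap on submitted moves
const SOLVED = '123456780';
const STEP = new Map([['U', -SIZE], ['D', SIZE], ['L', -1], ['R', 1]]);
const challenges = new Map();   // token -> { board, expires }, kept on the server

// What the post warns about: the client reports the outcome, so a bot just sends win=true.
function naiveVerify(body) {
  return body.win === true;
}

// Move the empty slot one cell; returns false for an unknown or illegal move.
function slide(board, dir) {
  const step = STEP.get(dir);
  if (step === undefined) return false;
  const from = board.indexOf(0);
  const to = from + step;
  if (to < 0 || to >= board.length) return false;
  if (Math.abs(step) === 1 && Math.floor(to / SIZE) !== Math.floor(from / SIZE)) return false;
  [board[from], board[to]] = [board[to], board[from]];
  return true;
}

// Scramble with random legal moves (always solvable) and remember the layout server-side.
function issueChallenge(now = Date.now()) {
  const board = [...SOLVED].map(Number);
  do {
    for (let i = 0; i < 40; i++) slide(board, 'UDLR'[randomInt(4)]);
  } while (board.join('') === SOLVED);
  const token = randomBytes(16).toString('hex');
  challenges.set(token, { board, expires: now + TTL_MS });
  return { token, board: [...board] };
}

// Replay the submitted moves on the server's own copy; the client never states the result.
function verify(token, moves, now = Date.now()) {
  const c = challenges.get(token);
  challenges.delete(token);     // single use: a token cannot be retried or replayed
  if (!c || now > c.expires) return false;
  if (!Array.isArray(moves) || moves.length > MAX_MOVES) return false;
  const board = [...c.board];
  return moves.every((m) => slide(board, m)) && board.join('') === SOLVED;
}
```

This only closes the win=true shortcut; as the post says, a bot that actually solves the puzzle still passes.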


benmc(Posted 2012) [#8]
@Taiphoz I still think the cup idea would work, at least for a while. The bot would have to exist first, and I don't think you'd type in the cup number, you'd actually have to click it, so there could be some randomness added to the game so a bot couldn't just click the same spot over and over again.

Another idea might be 9 squares of a chess board, and it places the King and a Rook somewhere on the board, and you have to put the king in check to move on :)


degac(Posted 2012) [#9]
http://www.engadget.com/2012/05/03/playthru-hopes-to-kill-text-captchas/

http://www.areyouahuman.com/

...argh!


therevills(Posted 2012) [#10]
LOL! Hope you sent it your patent on time ;)