homepage Welcome to WebmasterWorld Guest from 174.129.130.202
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
ZDNet Sheds Light on CAPTCHA Solving in India
rogerd




msg:3736541
 3:18 pm on Sep 2, 2008 (gmt 0)

Fascinating and detailed study of the commercialization of CAPTCHA breaking: Inside Indiaís CAPTCHA solving economy [blogs.zdnet.com] by Dancho Danchev.

...Iím already starting to see evidence of consolidation between Indiaís major CAPTCHA solving companies. The consolidation logically leading to increased bargaining power, is resulting in an international franchising model recruiting data processing workers empowered with do-it-yourself CAPTCHA syndication web based kits, API keys, and thousands of proxies to make their work easier, and the process more efficient.

This is either a horrifying development or a handy and cost-effective service, depending on which side of the CAPTCHA barrier you sit on.

 

Quadrille




msg:3738161
 11:28 am on Sep 4, 2008 (gmt 0)

But if they actually had the technology, they'd be shouting about that.

This sounds like a more efficient use of two-cent per hour click labour, rather than an advance in fraud techniques.

The fact that they need to consolidate is probably good news, and suggests that maybe the CAPTCHA advances are getting a little ahead of the cheats :)

It would be nice to see a little cooperation between the captcha creators ;)

Interesting to think that what will save captcha in the long term is not technology - but the labour market being unable to supply clickers cheaply enough!

[edited by: Quadrille at 11:30 am (utc) on Sep. 4, 2008]

weeks




msg:3738251
 1:46 pm on Sep 4, 2008 (gmt 0)

I agree Q, but articles such as this are valuable in keeping us awake to the mindset of some very selfish, unkind people who are doing real harm to the good potential the Internet holds.

Like WW, the only system that I found that works is having wise people in place to view what's going on.

Quadrille




msg:3738276
 2:19 pm on Sep 4, 2008 (gmt 0)

Yup; making those clicks a waste - and therefore more expensive - is the right way to go.

Having layers of defense - not just the captcha - will help, but nothing beats human moderation, care and common sense.

I often wonder how these low-level spammers make a profit; 99% of the captcha-beaters I've seen or heard of seem to gain no cash reward whatsoever. And even the 1% are marginal at best, relying on total newbies or plain old fashioned idiots (who probably have little cash and no credit card).

Who pays for this stuff, and wouldn't they do better with Adwords?

jimbeetle




msg:3738320
 2:58 pm on Sep 4, 2008 (gmt 0)

Clicking through to a couple of the older, referenced ZDNet articles I wound up at a Microsoft research paper, Using Machine Learning to Break Visual Human Interaction Proofs [research.microsoft.com] (pdf). As I had no real idea how this stuff actually worked it turned out to be fascinating, very understandable read.

Demaestro




msg:3740626
 5:59 pm on Sep 8, 2008 (gmt 0)

Sounds like a waste of an industry to me. As soon as CAPTCHAs are cracked and widely abused sites will just implement other ways of weeding out the bots.

I don't even use CAPTCHA on any sites. The methods I use work and work well for trapping bots, and are easy to implement.

Hope they burn through a ton of money only to find what I am saying to be true.

People buying into this are wasting their money.

[edited by: Demaestro at 6:02 pm (utc) on Sep. 8, 2008]

BradleyT




msg:3740667
 6:18 pm on Sep 8, 2008 (gmt 0)

Quadrille,

If you find something you can exploit, like the previously exploitable Twitter Bio Link - [mattcutts.com...] then you can easily write a "bot" that will create 10,000 twitter accounts in no time.

The only problem is that the captcha needs to be solved on each account creation. So you pay $20 to have the 10,000 captchas solved by one of the above services.

Your bot would try to register an account, take a screenshot of the captcha, pass it to the captcha breaking team via their API, wait for and get the result, and then pass it in with the other form values. Now you have 10,000 twitter accounts ready to give backlinks to whatever sites you want.

And obviously there are hundreds or thousands of sites out there where a system like this can be used.

incrediBILL




msg:3740745
 7:38 pm on Sep 8, 2008 (gmt 0)

Labor is so cheap in India that one of their main CAPTCHA solving solutions has already proven to be simply putting humans at the keyboard. I already have a simple solution to India, anything from India instantly goes into moderation awaiting my approval and 99.9999% of it simply gets deleted.

rogerd




msg:3740784
 8:00 pm on Sep 8, 2008 (gmt 0)

As much as I hate the result, I rather admired the ingenuity of the captcha crackers who crowdsourced the cracking by grabbing the image that needed to be cracked, and then showing erotic pictures to random users who typed in the translation. The user saw the pic, never realizing that he just provided a login code for some other site. And if he wanted to see another pic, he just had to type in a new code...

Diabolical. Why pay low wages when you can get free labor from desperate geeks?

mack




msg:3740789
 8:01 pm on Sep 8, 2008 (gmt 0)

The captcha project itself is along the same lines, they are using the images to improve the software that can read the images.. kinda a good idea that is scheduled to ruin itself.

Mack.

koan




msg:3740824
 8:28 pm on Sep 8, 2008 (gmt 0)

Diabolical. Why pay low wages when you can get free labor from desperate geeks?

Anyone decrypting codes to view one lousy erotic picture is not a geek. Geeks know where to find the good stuff for free.

IanTurner




msg:3740908
 11:01 pm on Sep 8, 2008 (gmt 0)

rogerd - you gotta hand it to them for ingenuity :)

Agreed koan - but make it look like a computer game and the geeks are hooked.

Quadrille




msg:3740924
 11:42 pm on Sep 8, 2008 (gmt 0)

Theoretically, you are all right.

But here in the real world, sites using CAPTCHA intelligently with other defences, still blocks 99% of spam attacks.

Live with it.

Theoretical support of spammers is all good fun, but any site determined to block the b***stards can do it.

Sorry, guys, but that's the truth.

Rodney




msg:3740934
 12:27 am on Sep 9, 2008 (gmt 0)

The captcha project itself is along the same lines, they are using the images to improve the software that can read the images.. kinda a good idea that is scheduled to ruin itself.

Are you referring to the REcaptcha project?

I always thought it was weird that they were setting up captcha images to improve computer reading.

When I first found the site way back when, I thought it was some type of scam until I saw it was by Carnegie Mellon.

Seems counter productive?

IanTurner




msg:3741034
 5:08 am on Sep 9, 2008 (gmt 0)

It is just like any other security related product. If you have a lock on your house a thief will become a lock pick, the better the lock, the better a lock pick the thief becomes - until such time as another route becomes easier.

Quadrille




msg:3743347
 9:46 am on Sep 12, 2008 (gmt 0)

Not quite:

"If you have a lock on your house a thief will become a lock pick, the better the lock, the better a lock pick the thief becomes - until such time as another house becomes easier."

It's exactly like putting on running shoes when two of you are pursued by a bear - you don't need to outrun the bear.

Security needn't be about the 'safest', for most purposes, just 'safer than most'.

CAPTCHA can never defeat human slaves alone (it was designed specifically to let humans pass!); but as one line of defense, it can delay the break; language based tests can defeat the cheapest clickers - they don't speak English.

And as the lock pickers advance, so must the locksmiths. And they do. ;)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved