Welcome to WebmasterWorld Guest from 23.22.250.113

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

ZDNet Sheds Light on CAPTCHA Solving in India

     

rogerd

3:18 pm on Sep 2, 2008 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Fascinating and detailed study of the commercialization of CAPTCHA breaking: Inside Indiaís CAPTCHA solving economy [blogs.zdnet.com] by Dancho Danchev.

...Iím already starting to see evidence of consolidation between Indiaís major CAPTCHA solving companies. The consolidation logically leading to increased bargaining power, is resulting in an international franchising model recruiting data processing workers empowered with do-it-yourself CAPTCHA syndication web based kits, API keys, and thousands of proxies to make their work easier, and the process more efficient.

This is either a horrifying development or a handy and cost-effective service, depending on which side of the CAPTCHA barrier you sit on.

Quadrille

11:28 am on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member quadrille is a WebmasterWorld Top Contributor of All Time 10+ Year Member



But if they actually had the technology, they'd be shouting about that.

This sounds like a more efficient use of two-cent per hour click labour, rather than an advance in fraud techniques.

The fact that they need to consolidate is probably good news, and suggests that maybe the CAPTCHA advances are getting a little ahead of the cheats :)

It would be nice to see a little cooperation between the captcha creators ;)

Interesting to think that what will save captcha in the long term is not technology - but the labour market being unable to supply clickers cheaply enough!

[edited by: Quadrille at 11:30 am (utc) on Sep. 4, 2008]

weeks

1:46 pm on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I agree Q, but articles such as this are valuable in keeping us awake to the mindset of some very selfish, unkind people who are doing real harm to the good potential the Internet holds.

Like WW, the only system that I found that works is having wise people in place to view what's going on.

Quadrille

2:19 pm on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member quadrille is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Yup; making those clicks a waste - and therefore more expensive - is the right way to go.

Having layers of defense - not just the captcha - will help, but nothing beats human moderation, care and common sense.

I often wonder how these low-level spammers make a profit; 99% of the captcha-beaters I've seen or heard of seem to gain no cash reward whatsoever. And even the 1% are marginal at best, relying on total newbies or plain old fashioned idiots (who probably have little cash and no credit card).

Who pays for this stuff, and wouldn't they do better with Adwords?

jimbeetle

2:58 pm on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member jimbeetle is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Clicking through to a couple of the older, referenced ZDNet articles I wound up at a Microsoft research paper, Using Machine Learning to Break Visual Human Interaction Proofs [research.microsoft.com] (pdf). As I had no real idea how this stuff actually worked it turned out to be fascinating, very understandable read.

Demaestro

5:59 pm on Sep 8, 2008 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Sounds like a waste of an industry to me. As soon as CAPTCHAs are cracked and widely abused sites will just implement other ways of weeding out the bots.

I don't even use CAPTCHA on any sites. The methods I use work and work well for trapping bots, and are easy to implement.

Hope they burn through a ton of money only to find what I am saying to be true.

People buying into this are wasting their money.

[edited by: Demaestro at 6:02 pm (utc) on Sep. 8, 2008]

BradleyT

6:18 pm on Sep 8, 2008 (gmt 0)

10+ Year Member



Quadrille,

If you find something you can exploit, like the previously exploitable Twitter Bio Link - [mattcutts.com...] then you can easily write a "bot" that will create 10,000 twitter accounts in no time.

The only problem is that the captcha needs to be solved on each account creation. So you pay $20 to have the 10,000 captchas solved by one of the above services.

Your bot would try to register an account, take a screenshot of the captcha, pass it to the captcha breaking team via their API, wait for and get the result, and then pass it in with the other form values. Now you have 10,000 twitter accounts ready to give backlinks to whatever sites you want.

And obviously there are hundreds or thousands of sites out there where a system like this can be used.

incrediBILL

7:38 pm on Sep 8, 2008 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Labor is so cheap in India that one of their main CAPTCHA solving solutions has already proven to be simply putting humans at the keyboard. I already have a simple solution to India, anything from India instantly goes into moderation awaiting my approval and 99.9999% of it simply gets deleted.

rogerd

8:00 pm on Sep 8, 2008 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



As much as I hate the result, I rather admired the ingenuity of the captcha crackers who crowdsourced the cracking by grabbing the image that needed to be cracked, and then showing erotic pictures to random users who typed in the translation. The user saw the pic, never realizing that he just provided a login code for some other site. And if he wanted to see another pic, he just had to type in a new code...

Diabolical. Why pay low wages when you can get free labor from desperate geeks?

mack

8:01 pm on Sep 8, 2008 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



The captcha project itself is along the same lines, they are using the images to improve the software that can read the images.. kinda a good idea that is scheduled to ruin itself.

Mack.

koan

8:28 pm on Sep 8, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Diabolical. Why pay low wages when you can get free labor from desperate geeks?

Anyone decrypting codes to view one lousy erotic picture is not a geek. Geeks know where to find the good stuff for free.

IanTurner

11:01 pm on Sep 8, 2008 (gmt 0)

WebmasterWorld Administrator ianturner is a WebmasterWorld Top Contributor of All Time 10+ Year Member



rogerd - you gotta hand it to them for ingenuity :)

Agreed koan - but make it look like a computer game and the geeks are hooked.

Quadrille

11:42 pm on Sep 8, 2008 (gmt 0)

WebmasterWorld Senior Member quadrille is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Theoretically, you are all right.

But here in the real world, sites using CAPTCHA intelligently with other defences, still blocks 99% of spam attacks.

Live with it.

Theoretical support of spammers is all good fun, but any site determined to block the b***stards can do it.

Sorry, guys, but that's the truth.

Rodney

12:27 am on Sep 9, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The captcha project itself is along the same lines, they are using the images to improve the software that can read the images.. kinda a good idea that is scheduled to ruin itself.

Are you referring to the REcaptcha project?

I always thought it was weird that they were setting up captcha images to improve computer reading.

When I first found the site way back when, I thought it was some type of scam until I saw it was by Carnegie Mellon.

Seems counter productive?

IanTurner

5:08 am on Sep 9, 2008 (gmt 0)

WebmasterWorld Administrator ianturner is a WebmasterWorld Top Contributor of All Time 10+ Year Member



It is just like any other security related product. If you have a lock on your house a thief will become a lock pick, the better the lock, the better a lock pick the thief becomes - until such time as another route becomes easier.

Quadrille

9:46 am on Sep 12, 2008 (gmt 0)

WebmasterWorld Senior Member quadrille is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Not quite:

"If you have a lock on your house a thief will become a lock pick, the better the lock, the better a lock pick the thief becomes - until such time as another house becomes easier."

It's exactly like putting on running shoes when two of you are pursued by a bear - you don't need to outrun the bear.

Security needn't be about the 'safest', for most purposes, just 'safer than most'.

CAPTCHA can never defeat human slaves alone (it was designed specifically to let humans pass!); but as one line of defense, it can delay the break; language based tests can defeat the cheapest clickers - they don't speak English.

And as the lock pickers advance, so must the locksmiths. And they do. ;)

 

Featured Threads

Hot Threads This Week

Hot Threads This Month