CAPTCHA, the Completely Automated Public Turing test to tell Computers and Humans Apart, has been used for years to try to stop automated spamming and as a line of defence when it comes to hacking into accounts.
It seems that the technology behind some CAPTCHA systems is somewhat lacking though as sites have sprung up offering ways to circumvent the service from uploading CAPTCHA images to other computer assisted tools and crowd-sourcing to get around this particular gate.
Imperva, known of its data security solutions, has released its June Hacker Intelligence report entitled, “A CAPTCHA in the Rye”. We see what they did there…
The report points out that there are weaknesses relating to some CAPTCHA systems and as the Register recently reported, hackers are finding their way around these tests to flood sites with spam.
Aside from being a little less secure than we might hope, there is often some frustration with the CAPTCHA system and users often report an inability to read the mangled letters, even though they are (or appear to be) human.
Making better choices
Imperva’s study also provides a few suggestions to site owners as to how they might improve the situation. The integration of simple riddles and contextual semantics can be introduced to avoid machine understanding, but then this may also be culture-specific, so finding a general option that is useful but still safe is by no means easy.
There are other options of course. Imperva also highlights the ideas of adding a mini-game or making harder CAPTCHAs for site users who exhibit ‘suspicious behaviour’. Again there is a problem though, with human-machine interaction, there are times when all of us look a bit odd online. If at first you don’t understand a CAPTCHA you are likely to try a few more times, is that suspicious?
Also, the idea of having to play a mini-game just to post a comment on a site would be off-putting to many users who may have decided to add their thoughts on a whim. This poses a problem for sites that would prefer users to stick around.
There are more sophisticated means listed in the report too such as, anti-automation solutions to bolster CAPTCHA defenses with traffic-based automation detection, behavioral analysis, content analysis and blacklists. Which sounds a bit more solid when it comes to a defence.
One thing that does make at least one form of CAPTCHA interesting is that it also provides a long running service for translating printed text.
The reCAPTCHA service not only fights bots, is accessible to blind people with its audio feature and each time a word is identified, it helps to digitize a book. One word at a time. The going might seem slow, but with over 200 million CAPTCHAs solved every day, there’s plenty of work being done to get more books online this way.
Of course without the humble CAPTCHA we would be deprived of CAPTCHA Comics too. The site where the wobbly words are translated into illustrations, based on the odd combinations that turn up such as ‘Sacrifice people‘ or even ‘Vivaldi goggled‘.
Then again, if you like a good pun, you may prefer the more amusing Catcha, which requires users to ‘spot the cat’ in a selection of images. The visual element here being a bit trickier for bots to work with.
If you’re concerned about getting spammed on site, the full report from Imperva can be found here.
Image Credit: Bekathwia