Great article on CAPTCHA on 15 Seconds today

<< Yankee Go Home! Latest 'Mars Rover' Image... | Home | J2EE Development using Visual Studio .NET >>

Great article on CAPTCHA on 15 Seconds today - Fighting Spambots with AI

Found it as ASP.NET...this is rapidly becoming pretty much essential for any site where users can register and post text, blogs, forums, the lot...this article provides an extensive review of current uses of CAPTCHA, ways to break it and how to avoid those breaks : here's a brief bit about it from the first part of that article:

Scientific research in academia is tightly coupled with today's technological revolution. In this article we will discuss the design, development, and use of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart). We experience various forms of CAPTCHAs in our everyday lives, for instance, signing up for an email account, performing DNS lookup (whois), or using images to differentiate between a person and a software program. All major vendors, Web portals, and email providers use CAPTCHA to improve their quality of service. Search engines and Web directories are utilizing CAPTCHA to avoid skews in their listings, possibly caused by autonomous rogue submission programs. Online polls use this technique to avoid multiple voting, as proxy addressing and/or IP spoofing makes it difficult to maintain the integrity of online polls. Protection from brute force or dictionary-based password attacks are also provided using this simple but effective practice.

First I'll describe a short history of CAPTCHA and provide a definition of Turing's test and machine vision. Then I'll define how Yahoo!, AltaVista, PayPal, and other portals use the CAPTCHA approaches in various ways to protect their digital assets. Finally I'll explain how to write a program in ASP.NET to protect a Web application from autonomous bots. Apart from the theoretical discussion, I'll explain the code snippets for manipulating images in ASP.NET and C#. Three in-depth examples will cover dynamic image generation, dictionary-based CAPTCHA style imaging, and Web services to return such images. Besides CAPTCHAs, this article will enhance our knowledge about .NET imaging libraries, on the fly image generation, and serving binary data using XML Web services.

CAPTCHA is an acronym for "Completely Automated Public Turing Test to Tell Computers and Humans Apart". As the name suggests, it's a test to distinguish the degree of being human. As defined on the CAPTCHA home page at the Carnegie Melon University School of Computer Science's Web site:

CAPTCHA is a program that can generate and grade tests that
Most humans can pass.
Current computer programs can't pass.

Print | posted @ Friday, February 13, 2004 3:40 PM

Comments on this entry:

# re: Great article on CAPTCHA on 15 Seconds today - Fighting Spambots with AI

by Jon Galloway at 2/13/2004 10:12 PM

Interesting - I'd seen the codeproject article, but this was a very good writeup of the current state of things. I'd assumed the OCR issues would be tackled quickly and the arms race would start.

I think the Pix idea (http://www.captcha.net/captchas/pix/) mentioned in the article is really interesting - that seems a lot more difficult for a computer to pass. Seems like (if the intellectual property issues were figured out) this could be done pretty quickly with a query to http://images.google.com.

The test idea raises some questions, too. Note that the problem statement is to present a test that <i>most</i> people could pass. At what point is the test too difficult for people? What's the acceptable failure rate? I just bought a computer over the phone with my credit card and they gave me a surprisingly difficult five question quiz based on my credit history, including addresses I'd lived at over 10 years ago. While I appreciate the protection, what happens if I fail? If I fail a Turing test, have I blown it as a person, or have I just been assimilated?