New Attacks on CAPTCHAs
Nice research: Abstract: We report a novel attack on two CAPTCHAs that have been widely deployed on the Internet, one being Google's home design and the other acquired by Google (i.e. reCAPTCHA). With a minor change, our attack program also works well on the latest ReCAPTCHA version, which uses a new defence mechanism that was unknown to us when we designed our attack. This suggests that our attack works in a fundamental level. Our attack appears to be applicable to a whole family of text CAPTCHAs that build on top of the popular segmentation-resistant mechanism of "crowding character together" for security. Next, we propose a novel framework that guides the application of our well-tested security engineering methodology for evaluating CAPTCHA robustness, and we propose a new general principle for CAPTCHA design....
Source: Schneier on Security - Wednesday, 12 October, 2011
Related articles:
- Older News
- 4Vote! Stanford research team cracks animated NuCaptcha
PhysOrg - Wednesday, 22 February
- 6Vote! Captchas
Schneier on Security - Friday, 10 February
- 22Vote! Emotional impact of 9/11 attacks seen in brain's response to negative visual images
- 42Vote! Spear Phishing Attacks from China Against Gmail Accounts
