Sunday, April 13, 2008

Defeating captchas

I don't endorse this, but Amazon's Mechanical Turk service could,
hypothetically, be used to defeat captchas all over the web. The
steps, as I see them, are these:

1. Script an automated poster to fill out the registration process of
   your choice.
2. At the captcha screen, queue up the captcha image in your own
3. Using Mechanical Turk, distribute a very simple form to your willing
   employees. The actual human completes the captcha.
4. Submit the text.

An enhancement might be to hash the image for future reuse. My guess
is that sophisticated sites have sufficient variation in their
captchas to defeat this.

I bet some version of this is being done as we speak. How much is a
registration worth to a spammer? In many countries a penny a captcha
might be good money.

