clipcaptcha – CAPTCHA Service Impersonation Tool

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to...

Read the full post at darknet.org.uk

First there were CAPTCHAs, now there are GOTCHAs

An example of one of the "inkblot" images used by the GOTCHA system.

Luis von Ahn and colleagues developed CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) in early 2000 to help fight against computer-generated spam. The test requires users to type in letters from a distorted image to prove that they're human. This system worked great for years, but as with many things on the Internet, there's always a hacker who wants to break the system.

Hackers have found ways to crack the CAPTCHA system—one example involves tricking users into thinking they are entering a CAPTCHA at a completely safe website while the user’s input is used to access another site. So it's up to the computer scientists to figure out how to beat the hackers again.

That's exactly what a team of researchers at Carnegie Mellon University set out to do. (The team consisted of PhD student Jeremiah Blocki, professor Manuel Blum, and associate professor Anupam Datta) The system they developed is called GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), and it uses a user-provided password to generate several multi-colored inkblots, with the blotches distributed randomly.

Read 3 remaining paragraphs | Comments

13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks

This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything. And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the fail the automated attempts) to India for a few dollars. It does [...]

Read the full post at darknet.org.uk