How a trio of hackers brought Google's reCAPTCHA to its knees
http://cdn.arstechnica.net/wp-conten...m2-640x401.png The background noise added to the audio version of Google's reCAPTCHA didn't include high frequencies, making it easy for histograms like this one to pinpoint the six distinct words included in each challenge.
C-P, Adam, Jeffball
Google revamped its reCAPTCHA system, used to block automated scripts from abusing its online services, just hours before a trio of hackers unveiled a free system that defeats the widely used challenge-response tests with more than 99 percent accuracy.
Stiltwalker, as the trio dubbed its proof-of-concept attack, exploits weaknesses in the audio version of reCAPTCHA, which is used by Google, Facebook, Craigslist and some 200,000 other websites to confirm that humans and not scam-bots are creating online accounts. While previous hacks have also used computers to crack the Google-owned CAPTCHA (short for Completely Automated Public Turing test to tell Computers and Humans Apart) system, none have achieved Stiltwalker's impressive success rate.
"The primary thing which makes Stiltwalker stand apart is the accuracy," wrote Adam, one of the three hackers who devised the attack, in an e-mail. "According to the lead researcher from the Carnegie Mellon study, the system we attacked was believed to be 'secure against automatic attack,'" he added, referring to this resume from a Carnegie Mellon University computer scientist credited with designing the audio CAPTCHA.
Read more | Comments
http://feeds.feedburner.com/~ff/arst...5g:V_sGLiPBpWU http://feeds.feedburner.com/~ff/arst...5g:F7zBnMyn0Lo http://feeds.feedburner.com/~ff/arst...?d=qj6IDK7rITs http://feeds.feedburner.com/~ff/arst...?d=yIl2AUoC8zA
|All times are GMT -5. The time now is 08:07 AM.|
Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright ©1998 - 2014, nV News.