You all know about captchas. Those annoying little things that are supposed to make it possible for computers to know if we’re really real or computer real?
I read that while a bunch of programs have been made to mathematically break them, a sure fire way is to pay people. Apparently they pay people in low income areas and third world countries, $2.00 for each 1,000 captchas cracked.
This is my question. How do they used a cracked captcha?
I mean let’s say the image says
ANDY LEE
I type it in and it’s correct.
OK so what? What’s the next step. So I get into a place, but how does that informaton get stored into a captcha decoding program?
And as a back up question has Google’s re-Captcha been cracked. I Googled this and see varying results. Some say yes, but Google says no. Of course they’d say no. I saw one site claim that their method cracked 16% of Google’s captchas but so what? That’s not a lot, is it?
A person tries to log on to a site, and is presented with a captcha, generated from two sources. One is a simple graphic program that creates a (mildly) scrambled graphic, the other is an actual graphic from a source that the designers are trying to crack. When the user enters the plain text, if the simple graphic matches what others have entered, it is assumed that the entry to the second part is probably valid, and that can be used to crack the site.
And you don’t have to pay people to do this. Just put the procedure on a site that has a lot of first-time visitors. They don’t know that their mind and labor are being used for other purposes.
It doesn’t. The manual unlocking is part of a spambot process.
The bot tries to log into a site and encounters a captcha. That captcha is displayed for a human somewhere. Once he/she completes the captcha, the spambot does its thing.
No, because the people would have to break the captcha AND then leave the spam. And when a site is spammed, it is spammed. (Spammed, spammed, spammed, spammed.) They sometimes leave like 20 messages on a single message board. It would take a human several minutes to do that.
Sometimes there’s demarcation, in the sense that humans will complete a signup process to create an account, including a captcha and several other steps, and those login details are then used by a spambot to (for example) send forum spam.
There are also APIs that allow spambot authors to distribute captchas to humans for solving - the spambot passes an image link to the API, and some time later the API returns a string containing the answer.
You don’t need to pay people. Someone put up a site with a picture of an attractive young woman that promised to show her taking off her top if you interpreted a CAPTCHA. You can get people to do it for free. I suspect it won’t be long before they can be interpreted by machine anyway. There will be a nostalgia thread before too long that contains a ‘Remember those funny CAPTCHA things?’ line.
It’s an old story from 2007, and it may never have been used malevolently. But it points out the weakness in this kind of security. It’s very easy to get human input into a system using it as a means of detecting bots. Kind of a modern take on Tom Sawyer’s fence.
I solve captchas for free. Whilst it’s likely they’re being used for the same purpose I’m using them (to download files from file storage sites), they could spammers.
I don’t think the spammers stored solved captchas in a captcha-decoding bank. I was at a seminar once with Luis von Ahn (one of the guys who invented captchas) who explained that spammers have bots who register email addresses, for instance, and whenever they hit a captcha the captcha is relayed to a person in China, Bangladesh, etc. who solve the captcha. The information is sent back, and the spambot can activate the email address and start spamming people.
I was using this place at first, they pay you as well but it wasn’t worth it to me. They had a plugin though that was supposed to automatically enter captchas into Jdownloader as long as you had entered some on the website or program before hand. I never could get it to work though. http://captchatrader.com/