Captcha
Full list of my blog posts, publications and talks in category captcha.
Filter by
web security
The end is nigh: generic solving of text-based captchas
Publication WOOT 2014
Paper about a novel generic approach to solving captchas using a single step that uses machine learning to attack the segmentation and the recognition problems simultaneously. Our tests show that this approac is able solve all the real world captcha schemes evaluated including Yahoo (5.33%) and ReCaptcha (33.34%), without any adjustments to the algorithm or its...
web security
Easy does it: more usable captchas
Publication CHI 2014
This paper we describe how we designed a new CAPTCHA schemes for Google that focus on maximizing usability. Our new scheme which is now an integral part of Google sign-up and is served to millions of users, achieved a 95.3% human accuracy, a 6.7% improvement compared to the old one.
web security
The Art of Breaking and Designing CAPTCHAS
Talk RSA 2012
CAPTCHAs are used to thwart automated attacks because they are supposed to be much easier for people to solve than computers. But are they, really?
web security
How we broke the nucaptcha video scheme and what we propose to fix it
Blog post Feb 2012
NuCaptcha is the first widely deployed video captcha scheme. Since Technology Review interviewed me about NuCaptcha in October 2010, I have been working on evaluating its security and usability. In this blog post, I will discuss how we are able to break the current version of NuCaptcha with >90% success
web security
Text-based captcha strengths and weaknesses
Publication CCS 2011
Research showing how to attack text-based captchas and provide guidelines on how to design secure ones. These insights are based on sucessfull attacks againt 13 of the most popular captchas schemes we show how to
web security
The failure of noise-based non-continuous audio captchas
Publication S&P 2011
We show how using a generic approach, based on advanced audio processing and machine learning algorithm, our captcha breaker Decaptcha is able to break all the popular audio CAPTCHA schemes, including Microsoft and Yahoo.
web security
Five surprising captcha schemes
Blog post Mar 2011
Since I started doing research on CAPTCHA security two years ago, I have relentlessly collected samples of all the different schemes I have encountered. In this blog post, I want to share with you five of the most crazy, funny, and interesting schemes I collected.
web security
How good are humans at solving captchas a large scale evaluation
Publication S&P 2010
We perform a mass-scale user study on how people react to the 21 most popular captcha schemes (13 images, 8 audios). This study reveals that even the most popular captchas scheme are often difficult for humans, with audio captchas being particularly problematic.
web security
Decaptcha breaking 75% of ebay audio captchas
Publication WOOT 2009
This paper shows how Decaptcha is able to break eBay captchas with 75% accuracy. We show that using a custom breaker (75%) greatly out-perform state of art speech recognition system (1%)
