What Wiseguys’s wise guys did was to deceitfully purchase large quantities of the priciest tickets to the biggest events in American sports, music and show business and sold them to ticket brokers, who then sold the tickets to the wide public in higher prices, while the Wiseguys had earned $25 millions mark-up. To get over the captcha barrier put by large online ticket websites (which, naturally, want to maintain their good reputation and have no interest in wholesaling their tickets to brokers), the defendants has used captcha bots that were capable coping with both visual and audio captcha, as well as opened and managed hundreds of fictional domains and email addresses for this purpose.

Fighting Captcha Bots

The lesson learned here, that there are bots that can read and hear captcha, successfully and faster than the average human being, is not new. As captcha developers and online security experts are constantly working on strengthening and improving the captcha and adding extra security features, bots and spammers are growing more and sophisticated.

What can you do then, except follow the bots, learn their behavioral patterns and adjust the captcha and anti-spamming solutions correspondingly? For example, if research shows that bots can easily get rid of all the background noises, but have hard time interpreting scribbled texts, then prefer this captha:

over this:

The group took more than 300,000 captchas, all are examples taken from popular web companies such as Yahoo! and Google, and gave them to humans (native English speakers) to solve.
When the same captcha was given to three different human subjects, only 71% of the time they had agreed on the right answer.

If to be more specific, Study participants succeeded in solving Google’s and Yahoo!’s CAPTCHAs only 87% of the time, while the ones used by Microsoft were solved correctly only 80% of the time. In audio captcha testing (made for the blind) the results were even worth, as recognition was found to be “as low as 39% for Microsoft and 35% in Google’s case”.

These results support the saying that Captchas – originally designed to keep bots out of all kinds of online platforms and thus prevent spam – are sometime too hard not only for robots but also for humans to decipher.

There are 2 services of bot detecting by Pramana:
1. BotAlert – A free service that can report suspected bot traffic on a site.
2. BotBlock – A paid service  that identify bots and block their actions.
The cost of using the Bot Block service ranges from $19.99 to $299 per month.

The full article can be read here, on tech world news.
Too bad that Pramana CEO didn’t say anything about how they’re going to deal with decent bots like those of search engines…

Dal Net is just one example.
As was written on  IRC-Junkie website,  Dal Net, one of the IRC (Internet Relay Chat) networks has just added a “text Captcha” to their registration process – this text captcha present a question that has to be answered by human user (instead of deciphering alpha numeric distorted letters as requested by the original captcha we are all familiar with). The question could be something like “Mark’s name is?” and the answer should be:
NickServer/Registraion<password><email>mark.

The questions will be, of course, changed every week.

The reason they’ve added Captcha system is because they have noticed “increases in bots getting nicks and channels, holding them, and never releasing them… and it’s not fair to the average person that a bot gets a nickname before human does”.

By using Captcha they hope to ensure their services (such as nicknames, channels, chat rooms and so on) will be used by human beings first and not by bots.

We understand Microsoft doesn’t want bots and other machines to use its search platform, but people are getting tierd of captchas.
Why should one use a search platform that requires him to make more efforts than other search platforms (such as Yahoo search and Google)?
There’s no reason and thus Bing users may abandon Bing in favor of Google, yahoo or even Ask.com.

Looking for additional information on the topic?
Go to Econsultancy

when saying “emergence” we mean “the ability to visually gather fragmentary bits and synthesize them – often without color clues or clear boundaries – into simple objects, such as a rabbit or a dog”.

Too bad there was no example of this emerging figures test as I am surely would like to test my own ability of this new image recognition test.

What’s the connection between good and evil to Captcha?
Well, Captcha belongs to the “good guys”. It is based on the idea of assisting websites to filter automated bots and to enable registration to web sites for human being users. This small test of an image with distorted alphanumeric characters enables to tell apart humans and machines.

On the other hand stands a smart competitor, i.e, spammers, hackers, web sites that wish to promote ranking in S E O engines, who works hard by using bots to crack Captcha – not without success.

Abusing Captcha
Another variation of fighting Captcha is abusing it instead of cracking it.
The following information which came online a couple of monthes ago, under the headline “Paypal Fraud With Captcha” tells about a phishing URL of Paypal (Paypal allows  buyers on line to transfer money to merchant account without exposing his credit card while shopping), which asks for feedback on shopping on line, but before giving his feedback the user has to fill personal details: his name, e mail address and Paypal password. Afterwards, a Captcha test appears which users have to decipher and enter.

It’s so simple. Now the way to accumulate personal information and create faked accounts is free! No need for bots, no need for hard work, just exploiting good will of innocent users by the help of “good guys Captcha”…

By the way, the phishing URL has been blocked by “Trend micro Smart Protection Network”, so we have a happy end after all!

I’ve just read an article on online “Network World” by Brad Reed dated 10/01/09 saying that hackers have found a way to crack Facebook’s Captchas and create false accounts. Those accounts are used for spreading spy ware phishing credit cards and other valuable information from innocent users.

Those rogue accounts show a picture of a woman and the moment one clicks on her video profile – it activates the spyware.

Facebook states it’s doing its best to eliminate false accounts ‘though it’s not easy to detect them. As a matter of fact, anyone can bypass Facebook’s Captacha code simply by googling a Youtube video tutorial which shows step by step how to remove facebook’s Captcha’s code.

I guess the nice thing in this story is the fact that Facebook, the great social network, has joined Google, Yahoo and Hotmail – all targets for spammers attack.

Once again it has been proved that captcha should be improved constantly  if it’s into serving as a reliable spam blocker as well as a security system.

You can read more about Facebook Captcha Attack here

About phpBB
Since phpBB is released under the GNU General Public License the bulletin board software it offers is completely free
and is used for communities creation.