Casey Chesnut
claims to have used AI to reliably crack CAPTCHA.
I don’t know whether he really did; he doesn’t provide his code to try, nor any other evidence except websites where he’s
posted comments, which of course he could have done by eyeballing their CAPTCHAs.
But if he didn’t, somebody probably will soon.
What then?
Seems to me like yet another example of how technological security will fail eventually, and then risk management is needed. In this case, part of the risk management may be reworking how comments work yet again.
-jsq
the plan was to release the code, but i got into too much trouble … so i did not. alternate proof, check the timestamps of the comment spam, and compare that to the # of comment spam left. then figure out if a human could have performed that quickly
Good point, Casey.
And there’s also the outsourced comment spam method:
http://riskman.typepad.com/perilocity/2006/11/outsourced_blog.html
One way or another, CAPTCHA won’t last forever.
-jsq
I think Captcha has being broken for a while.
http://www.cs.sfu.ca/~mori/research/gimpy/
Gimpy is one of the most well-known research on that.
I will see your CAPTCHA and raise you $0.60 (the price to outsource CAPTCHA circumvention)
http://1raindrop.typepad.com/1_raindrop/2006/09/outsourced_capt.html