The Register® — Biting the hand that feeds IT

Feeds

Animated CAPTCHA tech aims to fox spambots

Wiggly words will weduce web wexation

By John Leyden, 1st July 2010
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Replacing text puzzles featuring distorted letters with videos as a roadblock against the automated creation of web accounts can reduce user frustration while offering improved security, according to a Canadian start-up.

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) have been used for some years to prevent the automated sign-ups to webmail accounts and the like. Users typically have to identify distorted letters depicted in an image. Over the years miscreants have devised techniques to break the process in order to create ready-to-spam accounts from reputable providers that are far less likely to be automatically blocked.

The sign-up for new accounts is automated, but solving the CAPTCHA puzzles themselves is tasked to the human cogs in 21st century sweatshops, often based in India, where workers are paid as little as $4 a day to defeat security checks.

Canadian firm NuCaptcha aims to rewrite the rules of account validation checks with a new video-based CAPTCHA system. Users are asked to identify moving text on a video background. The firm also offers a voiceover audio option for the partially sighted or colour-blind.

The technology is designed to work on a range of computing devices including hardware that doesn't support Flash, such as iPads, ReadWrite Web reports.

NuCaptcha reckons the technology is easier to use than traditional text-based CAPTCHAs, which have a 25 per cent registration abandonment rate, according to one recent academic study. The firm also claims to be able to detect automated attempts to solve its puzzles, throttling the speed of videos and making puzzles trickier to solve in cases of suspected abuse, as explained below.

Animation enables NuCaptcha to increase security features such as closely packing letters together; creating text that is very difficult for software, specifically Optical Character Recognition, (OCR) to solve compared to current products in the field. In contrast, the animation makes the CAPTCHA far easier for humans to solve, because humans are attuned to perceiving motion.

In addition, the NuCaptcha Platform utilizes behavioral intelligence to deliver very easy CAPTCHAs to legitimate users and increasingly difficult CAPTCHAs to attackers.

The first product on the NuCaptcha Platform, NuCaptcha Basic, a freemium security service for websites and blogs that offer up to 25,000 CAPTCHAs per month, was launched on Wednesday.

More details of the technology can be found on the NuCaptcha website here. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (35)
Highly Rated
Aaron Em

Doesn't seem to solve the problem

That's nifty and everything, but if the problem is that people are using sweatshops full of *people* to circumvent the CAPTCHAs, and the proposed solution is one which would make CAPTCHAs a lot harder for bots but not even a little harder for humans, then I think I see a slight problem with the whole idea.

12
0
Cliff

What's wrong with a server-side imagemap?

Remember imagemaps? Fallen from favour, but 'click the only circle inside a triangle' or similar tests are easy to parse for a human, damn hard for a computer, and all the processing is server-side for the imagemap.

Not sure how to make it blindness-proof, but it would cover the bulk of cases quickly, easily and un-OCR-ably

3
0
asdfafas

Fail! Looks trivially easy to break.

This looks like an extremely poor captcha.

You can easily strip out everything (animated background, extra characters) except the characters you want just by filtering on the color red! Oops!

The text also follows the exact same path each time meaning there are are a couple of predictable places where the red text is actually almost aligned normally. It even uses a constant font!

I don't know for sure but I doubt you even need to OCR this.. if you can attach some kind of flash debugger (run it under a modified gnash?) to the animation as it's running you can proabably just hook into the function that draws red text!

3
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19