CAPTCHA stands for Completely Automated Public Turing Test to Tell
Computers and Humans Apart (Pinkas and Sander, 2002). In this scheme,
some challenge is put forward to the user while attempting to login. It has
been established that these challenges, for example a distorted and
cluttered image of a word with textured background, are easy for humans
to respond but rather difficult for computers (an online attacker is
essentially a programmed computer) to answer. Until recently, this scheme
was an effective countermeasure against online dictionary attacks.
However, due to recent developments in Artificial Intelligence and Computer
Vision, programs are available which can quickly interpret and answer these
challenges. EZ-Gimpy and Gimpy for example are word based CAPTCHAs
that have been broken by Greg Mori and Jitendra Malik of UC Berkeley
Computer Vision Group (Berkeley, 2004). Due to these developments, even
CAPTCHA is not considered to be a secure technique to prevent online
dictionary attacks.
A few major web based service providers who were earlier using the
CAPTCHA technique have now resorted to highly inconvenient account
locking in order to counter online dictionary attacks. Clearly, a better and
elegant method for solving this pressing problem is required.
Computers and Humans Apart (Pinkas and Sander, 2002). In this scheme,
some challenge is put forward to the user while attempting to login. It has
been established that these challenges, for example a distorted and
cluttered image of a word with textured background, are easy for humans
to respond but rather difficult for computers (an online attacker is
essentially a programmed computer) to answer. Until recently, this scheme
was an effective countermeasure against online dictionary attacks.
However, due to recent developments in Artificial Intelligence and Computer
Vision, programs are available which can quickly interpret and answer these
challenges. EZ-Gimpy and Gimpy for example are word based CAPTCHAs
that have been broken by Greg Mori and Jitendra Malik of UC Berkeley
Computer Vision Group (Berkeley, 2004). Due to these developments, even
CAPTCHA is not considered to be a secure technique to prevent online
dictionary attacks.
A few major web based service providers who were earlier using the
CAPTCHA technique have now resorted to highly inconvenient account
locking in order to counter online dictionary attacks. Clearly, a better and
elegant method for solving this pressing problem is required.
No comments:
Post a Comment