|
|
|||||
|
||||||
|
My Yahoo! account continually asks me to solve a CAPTCHA. Can you help me? Yahoo! uses CAPTCHAs based on technology created in part at Carnegie Mellon University. However, Carnegie Mellon University does not decide how CAPTCHAs are used by Yahoo! or other companies. Click here to contact Yahoo! for all questions and concerns regarding their email services. Should websites use an audio CAPTCHA as well as a visual one? Absolutely! Audio CAPTCHAs help visually impaired individuals navigate the Web easily. A CAPTCHATM is a program that can generate and grade tests that most humans can pass, but current computer programs can't pass. For example, humans can read distorted text as the one shown below, but current computer programs can't:
Test drive a CAPTCHATM:
ESP-PIX
|
Gimpy
Since CAPTCHAs are based on open problems in artificial intelligence (AI), they also offer well-defined challenges for the AI community, and induce security researchers, as well as otherwise malicious programmers, to advance the field of AI. (This is similar to research in cryptography advancing algorithms for factoring large numbers.) Several groups have created programs that can pass many CAPTCHAs over 80% of the time (see below). These algorithms represent significant progress in the area of text recognition. CAPTCHAs are thus a win-win situation: either a CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and an AI problem is solved. Using harder AI problems, our newly developed CAPTCHAs are still not broken. Greg Mori and Jitendra Malik of the University of California at Berkeley have written a program that can solve ez-gimpy with accuracy 83%. Thayananthan, Stenger, Torr, and Cipolla of the Cambridge vision group have written a program that can achieve 93% correct recognition rate against ez-gimpy, and Malik and Mori have matched their accuracy. Their programs represent siginifcant advancements to the field of computer vision. Gabriel Moy, Nathan Jones, Curt Harkless, and Randy Potter of Areté Associates have written a program that can achieve 78% accuracy against gimpy-r. We therefore consider the gimpy-r challenge to be broken. Congratulations to Gabriel, Nathan, Curt and Randy! More challenges will come soon. CAPTCHATM tests have several applications for practical security, including (but not limited to):
Free Email Services. Several companies (Yahoo!, Microsoft, etc.) offer free email services. Most of these suffer from a specific type of attack: "bots" that sign up for thousands of email accounts every minute. This situation can be improved by requiring users to prove they are human before they can get a free email account. Yahoo!, for instance, uses a CAPTCHATM test of our design to prevent bots from registering for accounts. Search Engine Bots. It is sometimes desirable to keep webpages unindexed to prevent others from finding them easily. There is an html tag to prevent search engine bots from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only serves to say "no bots, please". Search engine bots, since they usually belong to large companies, respect web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a web site, CAPTCHATM tests are needed. Worms and Spam. CAPTCHATM tests also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer." A few companies are already marketing this idea. Preventing Dictionary Attacks. Pinkas and Sander have also suggested using CAPTCHATM tests to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords. The CAPTCHATM Project is a project of the School of Computer Science at Carnegie Mellon University. It is funded by the NSF Aladdin Center. © 2000-2005 Carnegie Mellon
University,
All
rights reserved.
|