CAPTCHAs: Are they really hopeless? (Yes)

Presented at DEF CON 16 (2008), Aug. 8, 2008, noon (50 minutes).

CAPTCHAs are widely used to protect websites against malicious robots. Yet, CAPTCHAs are being broken routinely by spammers, malware authors, and other nefarious characters. This talk will review and demonstrate many of the implementation weaknesses that are routinely exploited to break image-based CAPTCHAs, and offer suggestions for improving the effectiveness of CAPTCHAs. Rather than attempt an in-depth examination of any single CAPTCHA or technique, we will present a broad overview of tools with the aim of making it easy for anyone to take a shot at cracking the CAPTCHAs on present and future high-profile sites.

Presenters:

• Mike Spindel - Security Researcher
  Mike is a recovering graduate student with a penchant for security research and good bourbon. His interests include distributed systems, MANETs, reverse engineering, and physical access control.
• Scott Torborg - Web Application Developer
  Scott Torborg is a web application developer in Silicon Valley. Although equally at home with an oscilloscope probing an electromechanical lock or tinkering with javascript obfuscation, he is most likely to be found indulging vices.

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#Spindel
• https://infocon.org/cons/DEF CON/DEF CON 16/DEF CON 16 video/DEF CON 16 - Mike Spindel - Captchas - Are they Hopeless Yes - Video.mp4
• https://www.youtube.com/watch?v=kI6j5wpEvVg

Similar Presentations:

• DEF CON 23 (2015) / Separating Bots from the Humans
• The Eleventh HOPE (2016) / CAPTCHAs - Building and Breaking
• DEF CON 15 (2007) / Black Ops 2007: Design Reviewing The Web