CAPTCHAs: Are they really hopeless? (Yes)

Presented at DEF CON 16 (2008), Aug. 8, 2008, noon (50 minutes)

CAPTCHAs are widely used to protect websites against malicious robots. Yet, CAPTCHAs are being broken routinely by spammers, malware authors, and other nefarious characters. This talk will review and demonstrate many of the implementation weaknesses that are routinely exploited to break image-based CAPTCHAs, and offer suggestions for improving the effectiveness of CAPTCHAs. Rather than attempt an in-depth examination of any single CAPTCHA or technique, we will present a broad overview of tools with the aim of making it easy for anyone to take a shot at cracking the CAPTCHAs on present and future high-profile sites.


  • Scott Torborg - Web Application Developer
    Scott Torborg is a web application developer in Silicon Valley. Although equally at home with an oscilloscope probing an electromechanical lock or tinkering with javascript obfuscation, he is most likely to be found indulging vices.
  • Mike Spindel - Security Researcher
    Mike is a recovering graduate student with a penchant for security research and good bourbon. His interests include distributed systems, MANETs, reverse engineering, and physical access control.


Similar Presentations: