Decoding reCAPTCHA

Presented at DEF CON 18 (2010), Aug. 1, 2010, 2 p.m. (50 minutes)

Due to the prevalence of spammers on the internet, CAPTCHAs have become a necessary security measure. Without a CAPTCHA in place, a system is incapable of knowing whether a human or an automated computer is executing a request. One of the most widely implemented versions of this system is currently Google's reCAPTCHA, owing to its robustness thus far. This paper illustrates techniques to defeat this system, which has been trusted to secure websites such as Twitter, Facebook, Craigslist, and many others, as well as methods to secure it further. The efficacy of the techniques outlined herein is, at a very conservative figure, ten percent, which is more than enough for practical exploitation of the system.


Presenters:

  • Jason Lee
    Jason Lee is a programmer, researcher, and consultant who works in the area of security and marketing. He and Chad Houck run their own company (Ziggee), which develops autonomous systems for niche market analysis, web development, advertising, search engine optimization, security, and statistical analysis. He is currently completing an associate's degree in information technology for homeland security at Oakland Community College. He is also a registered ham radio operator, having obtained his general class license in 2010 with the call sign 'KD8MWZ'. For more information, please visit ziggee.org.
  • Chad Houck
    Chad Houck graduated in 2010 from Oakland University in Rochester, MI with a bachelor's in computer science and engineering. He has over a decade of programming, networking, and security experience, and quite a bit of experience working with electrical circuits and micro-controllers. He is also a registered ham radio operator, having obtained his extra class license in 2010 with the call sign 'AC8FM'. He and his business partner run a company dealing with online marketing and freelance security. For further details, please visit ziggee.org or, for his own personal site, the dilapidated n3on.org.
