Re: Defeating CAPTCHA

To the list,

  What if you used a combination of random images linked by tag name 
ontologies with a random font overlayed on the image used in a synonymic 
fashion?

  For instance a picture of our planet, with text overlaid something like 
"3rd Rock From the Sun", "Home" or "Planet" with a question like What Would 
You Call This?

  The answer expected to be a case insensitive "Earth" (definitely not a 
pre-build select list like some systems I've seen).

  It seems that a large enough vocabulary linked by tags to another large 
collection of easily humanly-recognizable pictures would be hard for 
computer cognitive processes to succeed.

  W Fonts x X Images x 3Y Tags => Z Words seems like it could be extremely 
large, but it is late :)

  This of course is not considering the other problems with CAPTCHA, such 
as accessibility or DOS attacks, just interested in what other people might 
think about this approach, and it's possible attacks.

Thanks,
  John

> This was linked off of slashdot 
> (http://it.slashdot.org/article.pl?sid=05/08/24/1629213&tid=172&tid=95)
> and explains some of the ways people are breaking CAPTCHA 
> (http://en.wikipedia.org/wiki/Captcha) based systems.
>
> http://sam.zoy.org/pwntcha/
>
> - Robert
> robert_at_webappsec.org
> http://www.cgisecurity.com

--
/* Steelesoft Consulting     John Steele - Systems Analyst/Programmer
 *  We also walk dogs...  Dynamic Web Design, PHP/MySQL/Linux/Hosting
 *  http://www.steelesoftconsulting.com/
 */