Tuesday, November 27, 2007

Has CAPTCHA Been "Broken"?

Source: http://www.codinghorror.com/blog/archives/001001.html

Programmers don't seem to understand what makes a CAPTCHA difficult to "break". But it's not difficult to find out. Heck, the hackers themselves will tell you how to do CAPTCHA correctly if you just know where to look. For example, this Chinese hacker's page breaks down a number of common CAPTCHAs , and the price of software he sells to defeat them at a certain percentage success rate:

the9
100%
$500
captcha-decoder-1.png
dvbbs
95%
$1,000
captcha-decoder-2.png
Shanda
90%
$1,500
captcha-decoder-3.png
Baidu
80%
$3,000
captcha-decoder-4.png
eBay
70%
$4,000
captcha-decoder-5.png
Ticketmaster
50%
$6,000
captcha-decoder-6.png
Google
(unbreakable)
captcha-decoder-7.png
Hotmail
(unbreakable)
captcha-decoder-8.png
Yahoo
(unbreakable)
captcha-decoder-9.png