MySpace CAPTCHA seen as vulnerable

Written by Russell Shaw, Contributor on

You know CAPTCHAS.  Probably see them every time you register on a website.

Standing for Completely Automated Public Turing test to tell Computers and Humans Apart, they are supposed to be a barrier that fast bots cannot defeat. Unencumbered, those fast bots might place all sorts of XXX-rated streaming and Flash video on sites that wouldn't want any part of that.

Sites such as MySpace, for instance.

But now it appears that the anti-bot protections of some CAPTCHAS can be defeated. In fact, there's a site called OCR Research that maintains a list of breakable CAPTCHAS. OCR Research then harnesses that breakability in the service of selling its own CAPTCHAS.

MySpace is the biggest name on OCR Research's breakable CAPTCHAS list. That's a MySpace CAPTCHA at the top of this post.

"MySpace.com is a new giant, guys. But not in CAPTCHAs," read OCR Research's findings. "Yes, must say, it's nice, and hard to beat, but color model is not the only way to separate specific chunks. It's possible to separate letter chunks from background chunks basing in its parameters, firstly - position and shape."

Wikipedia describes the defeat of distorted-letter CAPTCHAs as a four-step process that may involve the following:

For CAPTCHAs with distorted letters, the approach typically consists of the following steps:

  1. Extraction of the image from the web page.
  2. Removal of background clutter, for example with color filters and detection of thin lines.
  3. Segmentation, i.e. splitting the image into segments containing a single letter.
  4. Identifying the letter for each segment.

Frankly, at a time when bad people would just love to harness bot tech to place gobs of X-rated multimedia on MySpace and other sites frequented by younger folks, news of these CAPTCHA vulnerabilities is rather ominous.

If not for CAPTCHAs, then how can we keep the bad stuff from getting on these sites?

Ideas, anyone?
