Captcha = Computer Anal Probe To (confuse) Computers & Humans Alike
Captchas are those stupid forms you have to answer when you get a new email address. Most of them are like trying to read the newspaper after a modest dose of LSD. I like how this one gets creative with it.
Some people use a newer (and weaker, it would seem) type of captcha, where the reader has to perform a menial task in order to procede. Math is a pretty common challenge, although it’s usually more trivial than this!
The problem, dear reader, is this. Spammers began to take advantage of every free service on the internet in one form or another. Blogs are targets for comment spam, designed to bring people and search engines to another site. Wikipedia uses them to keep people from doing same, when adding references. Hotmail uses them to prevent the proliferation of viagra in your inbox. The solution, for the past 10 years or more, has been to “challenge” readers to prove their humanity.
Remember eating magic mushrooms (with chocolate or iced cream to disguise the taste!) and seeing things like this? The gradients in this picture are designed to stand up to a particular attack. A software can examine the image pixel by pixel and look for ones that don’t match the background color. But a gradient means there is no background color! But even the appearance of a background is skewed in a way that makes me feel dizzy.
But making a computer “read” a captcha the way a person would is only one way to break the things. Spammers have long known a easier way, because spammers are a lazy people. They prefer to download a collection of pornography, then upload it into a script making a membership only porn site. Memberships are given away for free, but to activate them requires solving a captcha. See where this is going? Web surfers who want porn do the “hard” work solving the puzzles. Spammers record the answer along with the image in a database, then the next time their software is challenged with the same image, they pull the answer from the database. This is less work (meaning more ROI) than even making a script to execute the math problem (usually something like 4+3) for a simple test we’ve described earlier.
What all this means is that captchas are broken, so don’t rely on them if you need security!