"Is It Human or Computer? Defending E-Commerce With Captchas"
IT Professional (04/05) Vol. 17, No. 2, P. 43; Pope, Clark; Kaur, Khushpreet
Captchas, which are puzzles or problems that humans can easily decipher but that computers cannot, are becoming a key defense for e-commerce systems against spammers and bots. Captcha stands for Completely Automatic Public Turing Test to Tell Computers and Humans Apart, and is modeled after the famous Turing test for distinguishing between men and machines, although the Captcha test is multisensory while the classical Turing test is conversation-based. The most generic type of Captcha consists of an image of seemingly random numbers and letters that are distorted to thwart optical character recognition. Ideally, the Captcha is resistant to brute-force attacks; compatible with completely automated processes for generating and evaluating tests; comprised of public code, data, and algorithms; and reliant on a totally random system of generation founded on the selection of files from an archive of numerous images, names, and other data. Captchas are used by many free email service providers to prevent the creation of accounts by automated scripts sent by spammers, and as a replacement for user accounts and passwords for pseudopublic files. Captchas can also make it difficult for Web spiders to index sites for search engines. Captchas come in several varieties, among them: Gimpy, a puzzle in which words are taken out of a dictionary and displayed in a corrupted image; Pix, which requires users to associate images of mundane objects with a single category or phrase; Baffle Text, which employs small, pseudorandom, pronounceable words; and Sound Captchas, where a random sequence drawn from recordings of simple words or numbers is combined and corrupted by noise and distortion, and must be correctly identified by users. Problems associated with Captchas include inaccessibility for disabled and visually impaired users, major hardware and software requirements, and only fairly difficult workarounds.
http://www.computer.org/itpro/promo1.pdf
This concept was actually discussed in my cryptography class. The concept of preventing brute force attacks like DOS-attacks on a website can be prevented for some time; however, these concepts can be broken if the patterns are learned. That is why it was suggested that changing the look, feel, and color and other traits are important.
No comments:
Post a Comment