Month of Bugs in Captchas: project description
23:57 31.10.2007(I. Shevelyov)
There are a lot of different CAPTCHA in Internet now and many of them are vulnerable. They are not protecting from spam, because a lot of them can be bypassed. Captchas create only illusion of protection. So the time has come to look at real level of Captcha protection from automated activity.
Main purpose of the project:: to demonstrate the real state of Captchas’ security. There are vulnerabilities in Captchas (that mean that their developers insufficiently attend to security) and the community need to know about that. When they are knowing truth, web developers will can make reliable Captchas, and every owner of the site will can select the most reliable Captcha for his web project.
Participants of the project: different Captcha systems, which are using at many sites in Internet. Including built-in captchas and plugins for different engines and CMS.
Rules of the project: participation of Captchas in the project are voluntary. So I voluntarily chose participants for the project . Each day I will publish holes in single Captcha. Also there were planned bonus publications, including articles. And at 1st of December I’ll sum up the project. In the project will be demonstrating vulnerabilities only in Captchas (in their algorithms). Such methods as OCR and using hired people for their filling in will not be considered - only vulnerabilities in Captchas themselves.
Results of the project: improvement of protection from automated posts, improvement of security of Captchas and Internet as a whole.