Wednesday, June 22, 2011

Captcha: Gangsta Rap

Sounds like the name of a rapper, to me anyway.  But, it has nothing to do with rap music and everything to do with security on the Internet.

So, what exactly is Captcha, or CAPTCHA to be technically correct?  Those pesky computer acronyms!  It stands for: Completely Automated Public Turing test to tell Computers and Humans Apart.  Turing test?  Why does one explanation always require another?  I'll explain the Turing test in a minute, but first...

The simplest explanation I can offer for Captcha is that it is those nearly impossible squiggly words a website wants you to type in order to validate your input.  The point of you having to type those squiggly letters is so that the system you are interacting with knows that the input came from a human and was not machine generated.  Mail systems such as Gmail and Yahoo need to be sure that computers are not creating mail accounts.  A spammer could use a computer to create hundreds of phantom email accounts and program those accounts to send out junk mail and malware.  And, with hundreds of fake accounts sending mail out all day and night, legitimate users could suffer poor service or potentially other issues.

The point, though: as with virtually all security measures, there is some amount of failure.  In the case of Captcha the weaknesses have been that character recognition software continues to improve, that humans can spend their time reading and entering Captchas at will if they like, and that bugs and vulnerabilities in the software itself can be exploited.  Captchas have gotten slightly more complicated since they were first introduced, but remain crackable.
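To make the "is this a human?" check above concrete, here is an added example of the server side of a Captcha (my own illustration, not code from any real Captcha service): the answer is generated and kept only on the server, each challenge is single-use and expires, and a wrong guess burns the challenge, which is what stops the bot-and-bug abuses the post describes from simply replaying or guessing answers.  The time limit and alphabet are assumed values.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits
CHALLENGE_TTL = 120  # assumed: seconds an issued challenge stays valid


class CaptchaStore:
    """Server-side record of outstanding challenges: id -> (answer, expiry).

    The clock is injectable so expiry can be exercised deterministically.
    """

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}

    def issue(self, length=6):
        """Create a challenge; the answer is returned only for rendering
        into an image and must never be sent to the client as text."""
        answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)  # opaque, unguessable id
        self._pending[challenge_id] = (answer, self._now() + CHALLENGE_TTL)
        return challenge_id, answer

    def verify(self, challenge_id, submitted):
        """Return True only for a fresh, unexpired challenge with the right
        answer.  The challenge is removed whatever the outcome, so it can be
        neither replayed nor brute-forced by repeated guesses."""
        record = self._pending.pop(challenge_id, None)
        if record is None:
            return False  # unknown, already used, or forged id
        answer, expires_at = record
        if self._now() > expires_at:
            return False  # stale: a bot cannot stockpile solved challenges
        # Case-insensitive (squiggly letters are hard enough) and
        # constant-time, so timing does not leak how many characters matched.
        return hmac.compare_digest(
            answer.upper().encode(), submitted.strip().upper().encode()
        )
```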

Now, about that Turing test.  In a Turing test a human judge tries to tell a computer from a human by its responses; the computer passes if it appears human.  In the case of Captcha it is really a reverse Turing test, because the subject is human and the judge is the computer.  A human inputs data while a computer decides whether a human entered it, or another computer.

That might be enough for one post to boggle the mind.  I strayed from mentioning the word "bot" in explaining how spammers would automate such a task as it might require another explanation.  Oops!  I just mentioned the word I wasn't going to mention.

I'll explain what a bot is in another post.  For now let's just enjoy some Gangsta Rap.