Imperva Warns of Flaws in CAPTCHA Security

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

According to a recent report [PDF file] from Imperva, Inc., CAPTCHAs can be easily circumvented using computer-assisted tools and crowdsourcing.

"The comprehensive 12-page report explores a number of CAPTCHA-solving products that offer 27 percent to 100 percent success rates -- and work across CAPTCHA implementations from dozens of vendors," writes FierceCIO's Paul Mah. "This is done using a mixture of optical character recognition and machine learning technologies. Another popular method to defeat CAPTCHAs involves outsourcing them to real human beings. Indeed, such services are often advertised online at attractive rates."

"But there are some innovative efforts," writes VentureBeat's Meghan Kelly. "Imperva says that CAPTCHAs, in order to be more user-friendly, but equally as complex for a computer to unlock, should be delivered in the form of games. One company is creating CAPTCHAs that ask you to move various facial features (such as eyes, noses, and ears) to the right places on a face."

"CAPTCHA security, like many other security segments, is a battle of innovation between hackers and security professionals," Imperva CTO Amichai Shulman said in a statement. "CAPTCHA security must be balanced against a positive user experience, but can readily be improved by deploying anti-automation solutions to help prevent hackers from employing anti-CAPTCHA tools."

Submit a Comment

Loading Comments...