How to defeat CAPTCHA systems
A captcha (an acronym for "completely automated public Turing test to tell computers and humans apart") is a type of challenge-response test used in computing to determine whether or not the user is human. (wikipedia.org)
If you plan on using a CAPTCHA system, you must be aware of the numerous ways to defeat such a system. Apparently one of the guys who is constantly defeating CAPTCHAs is Sam Hocevar. His PWNtcha website presents a huge collection of CAPTCHA systems which have been or are in the process of being defeated.
Sam designed a tool (closed source for good reasons) which is able to analyze and decode even the trickiest images.
PWNtcha is simply a toolkit of image manipulation functions, and a list of known CAPTCHAs with the associated list of image operations to apply in order to decode each of them. If I have never seen your CAPTCHA, then PWNtcha does not know about it, and there is absolutely no way it could decode it.
Update May 29:
A vulnerability has been reported in the CAPTCHA plugin for Geeklog, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Secunia has the details.
Are you aware of any CAPTCHA system which is not listed on this site?
This entry was posted on Wednesday, April 25th, 2007 and is filed under Web Applications, Brute Force.

