OCR Research Team

• Home
• TEABAG_3D
• OCRing
• List of Weakness
• Reading

List of weakness

Friendster

Found at: http://www.friendster.com/join.php
This is a very large and famous social network. CAPTCHA is a hn free CAPCTHA with something a bit updated. Well, result is still the same. OK, they get 3 stars, but that's all.

MySpace.com

Found at http://signup.myspace.com/index.cfm?fuseaction=join MySpace.com is a new giant, guys. But not in CAPCTHAs. Yes, must say, it's nice, and hard to beat, but color model is not the only way to separate specific chuncks. It's possible to separate letter chuncks from background chunks basing in it's parameters, firstly - position and shape.

hn free CAPTCHA

This is a free php-class for generating CAPTCHA-images, found at http://www.nogajski.de/horst/php/captcha/. This is one of the free CAPTCHA scripts from great service phpclasses.org, but unfortunately this class is not as great as service. Well, all I want to say is that many CAPTCHA-creators thinks that getting a lot of ttf-fonts, and spinnig letters with different colors is enough to create good CAPTCHA. And, for sure, this approach is easy to implement - writing lettes with ttf-font in different angle is the only font operation which GD PHP library allows. So, why this CAPTCHA is weak? Because a lot of fonts plus turned letters NOT EQUAL good CAPTCHA. Color model is ugly, anyone believes that it's hard to sepatare lettes from background? Writing OCR for this CAPTCHA is only a task of getting correlational masks for each letter (0-9A-F = 16) for each font. A task for one evening.

Liveinternet.ru

Found at: http://www.liveinternet.ru/journal_register.php
Well, a little bit harder. But the noise is easy to remove, then we have the same situation - same font, size, position...

freehosting.myplace.com

Found at: http://freehosting.myplace.com/
Still wery weak CAPTCHA - same font, same size, same position.

Human Verify series

Found at: http://www.humanverify.com/genDemo.asp
This CAPTCHA is implemented in more then 200 sites. For example: http://frontpage.velocity.net/yanc/verification.htm
http://www.selfhealingexpressions.com/cgi-bin/links/links.cgi?action=add_link
http://dot.servehttp.com/home/register.asp
http://www.naomihall.com/links.shtml
All these sites are running the risk of some spamm messages of other automated access.

paypal.com

Found at: https://www.paypal.com/cgi-bin/webscr
Yes, that's true. Paypal.com took only two-star-complexity. It has a weak CAPTCHA with all classical weakness - poor color model, bad noise, one font at one size.

Weak CAPTCHAs

• All
• SMS
• e-mail
• filehosting
• ICQ
• Other

F.A.Q.

Q: What does this list include?
A: This is the list of CAPTCHAs we found, which are easy to break, and we are either already broke it or we are absolutely sure we can do this.

Q: What do you mean telling "broke"?
A: This mean that we have working application which takes image and outputs the text written on it with accuracy which allows to make automation process reasonable (or we sure we can do this).

Q: Can you check CAPTCHA on my site and tell me it it's secure enough?
A: Yes, we can. Contact us.

Home TEABAG_3D CAPTCHA List of Weakness OCR Demo Thinking of CAPTCHA
© OCR Research Team, 2004-2006. No use of site materials is allowed without webmaster's approve.
Design by N.O.D.