Why horny people are security risks
Posted 2012-03-07 08:48:04
Websites that serve data to the public but not to data-gathering robots (programs), or that would like to make sure the people who register there are human, often try to achieve this goal by using CAPTCHAs: methods conceived to be able to differentiate between a human and a machine, usually requiring associative and pattern recognition skills which are relatively easy for humans (well, at least for the approximately 40% possessing enough intelligence anyway) and supposedly hard for computers. You know those distorted, hard-to-read words you have to recognise and type, sometimes moving letters, sometimes even graphical images and other image recognition tricks. Computers are usually pretty bad at recognising distorted letters, especially if they contain mixed fonts, handwriting and extreme calligraphy.
However, sysadmins know that these methods are not perfect, and while they usually stop the general bunch of lowlife vermin from illegally utilising someone else's resources, they often fail to stop the advanced attacker.
Admins answer by using "stronger" CAPTCHAs: they distort the letters more, use colors, use letters not related to the "solvable" problem; but after a while it becomes obvious that the real human users of the site fail a larger and larger percentage of the tests while determined attackers seem to be able to get through in much higher percentages.
Some admins just don't understand how. Have the character recognition methods become so good? Are the analyser programs so smart, the dictionaries so perfect? Or maybe... someone's cheating?
Enter porn. You know, those websites which offer naked genitalia to the public. Since genitalia are unfortunately connected to humans, and offering them on the 'net uses up pretty high resources, it's normal that they ask for money. But horny John Doe doesn't want to pay (maybe can't, either), so he prefers free porn of course. He is not surprised, then, that the website has to make sure that the porn gets digested by the noblest of the noble, the human being, and that it has to check this by using a CAPTCHA: you prove to us you're human and we give you pictures of cheap whores. Fair, requires only a few letters to type.
It should not be surprising, then, that these CAPTCHAs are usually the same as those put up by the aforementioned sysadmins who wonder how the machines solve them so easily.
Machines are not getting much smarter but people would do anything for a virtual fsck. :-)
And a sidenote to admins: watermark your CAPTCHAs with the URL and name of your site, so the porn guys at least know whose puzzles they're solving to get the material.
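One way to apply the watermarking advice above, as an added example that is not part of the original post: the site label is tiled across the whole image so that cropping the edges cannot remove it. It assumes the Pillow imaging library; the label text, the stand-in CAPTCHA image and all function names are constructed for illustration.

```python
# Added example, not from the original post. Requires Pillow (assumption).
from PIL import Image, ImageChops, ImageDraw, ImageFont

SITE_LABEL = "captcha for example.org"  # placeholder site name/URL

def make_constructed_captcha(size=(240, 80)):
    """Stand-in for a real CAPTCHA: white canvas with dark text (constructed)."""
    img = Image.new("RGB", size, "white")
    ImageDraw.Draw(img).text((100, 35), "x7Kq9", fill="black")
    return img

def watermark_captcha(captcha, label=SITE_LABEL, alpha=70, gap=(20, 6)):
    """Tile a semi-transparent `label` over the entire CAPTCHA image."""
    base = captcha.convert("RGBA")
    font = ImageFont.load_default()
    # Measure the rendered label by drawing it once on a scratch image.
    probe = Image.new("L", (base.width * 4, 64), 0)
    ImageDraw.Draw(probe).text((0, 0), label, fill=255, font=font)
    _, _, text_w, text_h = probe.getbbox()
    step_x, step_y = text_w + gap[0], text_h + gap[1]
    layer = Image.new("RGBA", base.size, (0, 0, 0, 0))
    draw = ImageDraw.Draw(layer)
    for row, y in enumerate(range(0, base.height, step_y)):
        # Shift every other row so the label also crosses vertical crop lines.
        start = -(row % 2) * (step_x // 2)
        for x in range(start, base.width, step_x):
            draw.text((x, y), label, font=font, fill=(200, 0, 0, alpha))
    # Low alpha keeps the puzzle readable while the label stays visible.
    return Image.alpha_composite(base, layer).convert("RGB")

def region_is_marked(before, after, box):
    """True if any pixel inside `box` differs between the two images."""
    return ImageChops.difference(before, after).crop(box).getbbox() is not None

if __name__ == "__main__":
    original = make_constructed_captcha()
    marked = watermark_captcha(original)
    w, h = original.size
    print("left half marked:", region_is_marked(original, marked, (0, 0, w // 2, h)))
    marked.save("captcha_watermarked.png")
```

Keep `alpha` low enough that legitimate users can still read the puzzle, and apply the watermark before the image leaves the server.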