CAPTCHAs are those little graphic boxes with distorted-but-visible number and letter combinations that you’re asked to retype in order to authenticate that you are a human being with eyeballs, not a software bot out to hack a site, spam a site, etc. The acronym stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”
Some folks use CAPTCHAs on their blogs to block comment spammers, and it’s been pretty effective. I mean, you can do comment spam manually, but that’s awfully labor intensive vs. using spambots (and unprotected sites). While accessibility folks have argued that CAPTCHA is an awful idea in a world with visually-impaired people, etc. (and, in fact, some CAPTCHAs are difficult for the unimpaired to decipher), it’s been a fairly popular option. It’s even one I’ve toyed with.
But now comes “PWNtcha” (Pretend We’re Not a Turing Computer but a Human Antagonist), a software project to learn to read and decode CAPTCHAs — with published success rates of up to 100%. It’s not out in the wild yet, but believe that if the Black Hats decide there’s value in breaking past CAPTCHAs, they’ll be able to do it.* That doesn’t mean it’s useless security — a determined burglar can get past your deadbolt, but it may deter a more casual one who moves on to easier pickings — but its value is likely to decrease over time.
*Other than the documented approach of republishing them as admissions on pr0n sites and getting customers to unwittingly key them in.
(via BoingBoing)