BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Talks.cam//talks.cam.ac.uk// X-WR-CALNAME:Talks.cam BEGIN:VEVENT SUMMARY:The robustness of CAPTCHAs - Jeff Yan\, Newcastle University DTSTART:20081121T160000Z DTEND:20081121T170000Z UID:TALK15132@talks.cam.ac.uk CONTACT:Andrew Lewis DESCRIPTION:No matter whether you like or hate it\, CAPTCHA has found wide spread application on numerous commercial web sites - it is now almost a s tandard security mechanism for defending against undesirable or malicious Internet bot programs. \n\nThis talk introduces our recent work on attacki ng numerous widely deployed CAPTCHAs. I will present new techniques of gen eral value to attack a number of text CAPTCHAs\, including the schemes des igned and deployed by Microsoft\, Yahoo and Google. In particular\, the Mi crosoft CAPTCHA has been deployed since 2002 at many of their online servi ces including Hotmail\, MSN and Windows Live. Designed to be segmentation- resistant\, this scheme has been studied and tuned by its designers over t he years. However\, our simple attack has achieved a segmentation success rate of higher than 90% against this scheme. It took on average ~80 ms for the attack to completely segment a challenge on an ordinary desktop compu ter. As a result\, we estimate that this CAPTCHA could be instantly broken by a malicious bot with an overall (segmentation and then recognition) su ccess rate of more than 60%. On the contrary\, the design goal was that au tomated attacks should not achieve a success rate of\nhigher than 0.01%. F or the first time\, our work shows that CAPTCHAs that are carefully design ed to be segmentation-resistant are vulnerable to novel but simple attacks .\n\nOur experience suggests that CAPTCHA will go through the same process of evolutionary development as cryptography\, digital watermarking and th e like\, with an iterative process in which successful attacks lead to the development of more robust systems. \n \n LOCATION:Computer Laboratory\, William Gates Building\, Room FW11 END:VEVENT END:VCALENDAR