LONDON, 22 OCTOBER 2010 - A security company called NuCaptcha is incorporating advertising into a video CAPTCHA system that is much harder for computers to break.
CATPCHA stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart." It was developed to thwart Web annoyances such as spam and false account registrations, among others. It uses a box of jumbled letters that humans must decode to allow, for example, a registration to proceed.
When CAPTCHAs were first introduced, it was difficult for optical character recognition (OCR) technologies to break them. Over the last few years, that has changed, and CAPTCHAs are much less effective.
In order to halt automated CAPTCHA solving programs, the puzzles have been made more difficult to solve, so much so that many are nearly unreadable to humans as well.
"The bottom line is that the static image CAPTCHA technology that dominates the Web today is simply maxed out," said Michel Giasson, CEO and founder of NuCaptcha.
NuCaptcha does CAPTCHAs but with a twist: rather than a static box of text the system runs the text as a streaming banner within a video. The movement of the text throws off automated CAPTCHA-solving software. The text also does not have to be obscured as much, making it much easier for people to read and likely to keep users on the website.
Greg Mori, an associate professor at the School of Computing Science at Simon Fraser University in British Columbia, Canada, has reviewed NuCaptcha. He wrote in a three-page review that he was so impressed with the product he joined NuCaptcha's advisory board.
Humans "innately decode motion all the time," Mori wrote in his endorsement. "By animating the positions of letters in a NuCaptcha, it is simultaneously easier for humans and more difficult for software. It becomes more difficult for software to segment because NuCaptcha can pack the letters closer together with significant overlap. This commingling of letters is very difficult for software to segment."
NuCaptcha hasn't been immune to attacks, said Christopher Bailey, the company's CTO and founder. But it has built-in defense mechanisms.
NuCaptcha has a back-end behavioral intelligence system that records how a user -- or possibly a software program -- is interacting with the CAPTCHA. If it appears the website is being abused, such as when 1,000 CAPTCHAs are solved in rapid succession, the text that needs to be read can be speeded up, the letters can be blended closer together, different fonts can inserted, and the color of the text can be modified, among other techniques, Bailey said.
Human errors in reading CAPTCHAS tend to be more consistent, such as when a person types a letter on a keyboard that was right next to the correct letter, Bailey said. Automated CAPTCHA readers don't do that, he said.
Sign up for Computerworld eNewsletters.