3D CAPTCHA
Slashdot posted an interested article yesterday about a new form of CAPTCHA. Rather than solving math problems or trying to read obscured text, this method requires users to compare objects in 3D space. In the example I saw (http://www.yuniti.com/register.php) three objects were displayed and the user had to match each of them to a corresponding object, selected from a list. The corresponding image depicted the same object, however it was oriented differently.
Though this is a unique approach and I’m sure it will deter the spam bots for a while, given how it appears now, it is not to difficult to image some algorithm being able to match these images. For instance, if you took the original image and overlaid it on each of the images from the list and, using the amount of non-overlapping area as a performance measure, begin applying some transformation (even simple 2D rotation) you would soon find that the corresponding image has the highest performance among all of the images in the list.
Some possible improvements to prevent this kind of attack:
- Rather than having the objects appear independently, overlap them slightly.
- Choose images that are irregular, meaning that they appear differently on one side than on another, but to a person, are still recognizable on either side. A light bulb for instance is a bad choice because it is regular.
- Set traps; put images in the list that are similar in shape and size, but clearly different to a person.
Slashdot Article: http://it.slashdot.org/article.pl?sid=09/03/27/2332253&art_pos=1