kittenAuth is cute, but that's all

Sat, 15 Apr 2006 03:36:06 GMT

so i'm tired of hearing about KittenAuth. here are ways to beat it:

1) object recognition, which actually processes an image and tries to determine if the image contains a kitten (the AI guys are getting better with this).
2) image fingerprinting, either based on file or image content (this is easy).
3) social engineering, provide free porn and somebody will crack it for you (easy).
4) amazon mechanical turk, for cheap labor.
5) bot guessing, combined with image fingerprinting, because 1 out of 84 means nothing to a bot (or team of bots).

the weakness is the # of images. right now it only has something like 32 images. if you read the comments regarding it, somebody already hashed all those images and manually marked the ones that are kittens. so consider the sample beaten.

the way to make it tougher is to throw in tons of images. a search for 'kittens' on images.google.com shows 370K results. let's say he gets 630K non-kitten images, making it a total of 1 million images. then i'd have a bot request the KittenAuth images. 1 out of 84 times, it would guess right, and then it would fingerprint the kitten and non-kitten images. if the images get skewed to make fingerprinting harder, then it would use image processing techniques to help with this (just like CAPTCHA crackers do today). after many rounds of this, the bot will start knowing some of the images, improving its chances of guessing correctly. so its guessing will get better and better until ultimately it knows the entire image database. to speed things up, for images it does not know, it could present those to humans to label as kitten or non-kitten, which is a quick process.

they could also increase the # of kitten images you must choose. once again, a bot does not care, but at some point you piss off your actual users (just like CAPTCHA does today).

and guessing can always be improved from the beginning. the bot can determine the main object in the image and determine its color and body position. for new images it can see if they have a similar color or body position, e.g. ruling out animals that don't have similar body styles or color markings.
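To see how fast a finite image pool leaks its labels through pass/fail feedback alone, here is a small simulation of the guessing argument above. It is an added example, not code from KittenAuth or from the original post. It assumes a grid of 9 images with 3 kittens (the layout that gives C(9,3) = 84 blind guesses), a 37% kitten share for every pool size, and a guesser that learns nothing from a failed round.

```python
import random
from math import comb

GRID, KITTENS = 9, 3                 # assumed layout: pick 3 kittens out of 9 images
BLIND_ODDS = comb(GRID, KITTENS)     # 84 equally likely picks for a blind guess

def simulate(pool_size, rounds, kitten_share=0.37, seed=1):
    """Return one bool per round: did the label-learning guesser pass?"""
    rng = random.Random(seed)
    n_kit = int(pool_size * kitten_share)   # ids below n_kit are kittens
    known = set()                           # ids whose label leaked via a pass
    results = []
    for _ in range(rounds):
        shown_k = rng.sample(range(n_kit), KITTENS)
        shown = shown_k + rng.sample(range(n_kit, pool_size), GRID - KITTENS)
        # Select every kitten already known, fill the rest at random
        # from the images in this grid that are still unlabelled.
        pick = [i for i in shown_k if i in known]
        unknown = [i for i in shown if i not in known]
        pick += rng.sample(unknown, KITTENS - len(pick))
        passed = set(pick) == set(shown_k)
        if passed:
            known.update(shown)             # a pass confirms all 9 labels
        results.append(passed)
    return results

def pass_rate(results, start, end):
    """Fraction of passed challenges in rounds [start, end)."""
    window = results[start:end]
    return sum(window) / len(window)

if __name__ == "__main__":
    for size in (32, 1_000, 1_000_000):     # constructed pool sizes
        r = simulate(size, 5000)
        print(size, round(pass_rate(r, 0, 1000), 3), round(pass_rate(r, 4000, 5000), 3))
```

Each printed row is pool size, pass rate over the first 1000 rounds, and pass rate over the last 1000. A larger pool keeps the rate near 1/84 for longer, but it only moves the point at which the pool is fully labelled.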

the thing to realize is that ultimately we run out of being able to do things better than a computer. you can brute force most of these things today, and supplement it with human training. e.g. speech/ink/character recognition are all very usable today. so computers can already handle our sense of hearing very well. they've got things to sniff out bomb materials ... i can't do that. vision is harder, but the AI guys are getting better. e.g. face recognition. someday the robot in your home will have to recognize humans and even your pet kittens. and someday a human brain will be modeled in a computer. then CAPTCHA, KittenAuth, etc... are all meaningless. the act of designing a test that a human can do and a computer will not is like trying to build a perpetual motion machine. er, um ... the singularity is near.