
Matthew Sopiars & Sean Whitley

Agenda

• Quick history of SPAM
• Invention of CAPTCHA
• How spammers defeat CAPTCHA
• Alternatives to CAPTCHA
• Questions

Growth of Email Spam

Source: www.knowyourmeme.com

History of SPAM

• 120 Billion SPAM messages / day
• 1.38 Million SPAM messages / second
• 85-90% of all emails sent globally are SPAM

Source: Sophos 2010 Security Threat Report


SPAM: Social Networks

• 57% of social networking users report receiving spam via social networks
• 70% increase from 2009

Source: Sophos 2010 Security Threat Report


SPAM: Classifieds & Blogs

93% of all comments on blog sites are SPAM

Source: Akismet

Cost of SPAM

Potential loss of:

• Brand reputation
• Users
• Money
• Productivity
• Bandwidth

Cost of SPAM 2009

$130 Billion ($42 Billion in the US)

Source: Ferris Research


Invention of CAPTCHA

CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart

• Invented by four students from Carnegie Mellon University in 2000
• Stop automation of SPAM
• Easy to scale
• Cheap to implement

Applications for CAPTCHA

• Webmail Services
• Forums
• Blogs
• Preventing Denial Of Service attacks
• Prevent bulk account creation/Comment Spam

Why CAPTCHA

• Spammers thrive on automation
• Saves time and Money
• CAPTCHA stops bots
• Is it effective?

CAPTCHA solving software

• DeCAPTCHer
• PWNTCHA
• CAPTCHAKing

CAPTCHA Redirection

CAPTCHA outsourcing

• Human CAPTCHA Solving
• Less than a penny per CAPTCHA solved

CAPTCHA Solver Job Openings

CAPTCHA Outsourcing

SPAM Study

• Used 75,869 accounts
• 26 days and 350 million emails
• Received a response once every 12.5 million emails
• 28 sales resulted
• Revenue: $100/day

Source: UC Berkeley

SPAM ROI

Scale like a spammer:

• 5,310,830 accounts
• Average cost = $1 per 1000 CAPTCHAs solved
• $5,310.83 cost
• $7000/day revenue
• Profit = $1689.17

Source: UC Berkeley

SPAM ROI: Worst Case

All accounts get shut down each day

• Day Cost: $5310.83
• Day Profit: $1700
• Profits Per Month: $50,000
• Profits Per Year: $610,000

Source: UC Berkeley

SPAM ROI: Best Case

No accounts get shut down

• One Time Cost: $5310.83
• First Day Profit: $1700
• Profits Per Day: $7000
• Profits Per Month: $210,000
• Profits Per Year: $2,520,000

Source: UC Berkeley

CAPTCHA Adjustments

• Merging characters together
• Distortion and clutter
• Audio CAPTCHA
• Human Knowledge-Based Questions
• Visual CAPTCHA

Difficult CAPTCHAs

CAPTCHA Alternatives

• Audio CAPTCHA:
• User is played a code and must type it in
• Great alternative for vision-impaired users
• Works well when a CAPTCHA is tough to solve
• Can be tricky with different hardware/software combinations

Image CAPTCHA

• Naming images
• Distinguishing Images
• Clickable CAPTCHA
• Machines have a hard time recognizing images
• Image Mislabeling

Knowledge Questions

• Can be basic math or basic human knowledge.
• Prone to human error

Anti-Spam Plug-Ins

• Free plug-in for blogs, social networks, etc.
• Reviews comments/wall posts
• Returns a quality score or blacklist score based on the quality of the comment
• User has no maintenance or database upgrading

Video CAPTCHA

• Plays a video of the CAPTCHA that needs to be completed.
• User then types the letters prompted on the video to complete the response.
• Hardware/software issues

Phone Verification

• Our bread and butter
• Great for webmail providers, social networks, classifieds, etc.
• In real time, send an automated call/SMS
• User either hears or reads a one-time code
• They then have to type the code into your website to complete the challenge.
• Quicker than email verification
• Also can stop bulk registrations

User-Friendly

• Quick and Simple
• Guaranteed call in less than 10 seconds
• User never has to leave the page
• No software/hardware
• Users are used to phone verification because of its use by some of the largest websites in the world

Phone Verified Accounts
• Much more expensive to acquire for the spammer
• Cuts down the ROI for spammers
• Extremely difficult to automate
• Spammers can acquire multiple VOIP numbers at no cost, i.e. Google Voice/Skype, to manually create accounts.
• Phone ID-blocks VOIP/Prepaid Mobile Numbers

Wrap-Up and Questions

Sean Whitley
Business Development Manager
800-850-3485 ext 807
seanw@telesign.com

Matthew Sopiars
Vice President of Sales
800-850-3485 ext 805
matt@telesign.com

www.telesign.com
