How To Break A CAPTCHA

A CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, is what the many online services like email, forums, and free web site hosts use to prevent their services from being misused. Were it not for CAPTCHAS and similar controls, various known and unknown criminals could otherwise easily setup thousands of email accounts, forum memberships, and personal web sites for themselves, and send millions of bits of email spam, post millions of forum spam messages, and publish millions of spam web sites, all in the amount of time that it will take me to write this article. And in March 2009, we see a new frontier in spamming - comment spam.

So thank heavens for the CAPTCHA (from pioneers like Luis Von Ahn), which protects us from the hacking, porn, and spam that would otherwise overwhelm the Internet.

Oh crap. The Internet is already overwhelmed. Maybe CAPTCHAS, actually, aren't accomplishing a thing - except stopping us, the honest Internet user, from setting up an email account, a forum membership, or a free web site, without raising our blood pressure another 20 points in 10 minutes.

No, CAPTCHAS do not work, Luis. Allegedly.

So, Chuck, how do you break a CAPTCHA? Well, I can think of 3 ways.

  1. Expensive high tech automated, CPU intensive, CAPTCHA breaking software. Right. I don't know about you, but my CAPTCHA solving skills are maybe .500 on my best day. How is a computer program going to break CAPTCHAs, reliably?
  2. Semi expensive hiring of personnel intensive CAPTCHA breaking staff (workers, supervisors, managers, communications lines, technology??) in third world countries (5:00). Staff that does nothing but look at CAPTCHAs, over and over, all day? Is that going to be reliable?
  3. Relatively cheap acquiring of volunteer labour, gathered through the Internet, completely ignorant of their role, who just want to look at the dancing pigs. Each volunteer collaborates with 2 or more other volunteers for one CAPTCHA, then is done, and never knows what he just did. Any porn merchant can get all of the volunteers that he needs.

Which is it? Door 1, 2, or 3?

For my money, it's got to be Door 3 - volunteer labour (5:45). Watch the video, and despair.

Human Computation (Luis Von Ahn: July 26, 2006)

No, Luis, this isn't allegedly happening (6:10).

Hacking, porn, and spam distribution is big business (6:20). Hackers, porn merchants, and spammers are making big bucks. Door 3 is the only possibility that makes any business sense. Volunteer labour - that's the trick (6:30).

So, yes, Luis, you could use these games to break the CAPTCHAs (51:10).

>> Top

Windows Vista and Scalable Networking

Over a year ago, I explored an issue of Windows Vista and its problems with using default networking settings relevant to Windows Scaling. The first known problem with Windows Scaling was an exciting networking option called Receive Window AutoTuning, which became a problem when an older router was in use.

Besides AutoTuning, which is a problem with older routers, there are two additional networking options - TCP Offload ("Chimney") and Receive-side Scaling ("RSS"), which are a similar problem with older networking adapters. If your computer suffers from symptoms similar to the well known MTU setting problem, and you get no relief from disabling RWin AutoTuning, consider disabling TCP Offload and Receive-side Scaling.

In a Vista command window (Run as Admin), enter

netsh interface tcp set global chimney=disabled
netsh interface tcp set global rss=disabled

TCP Chimney Offload takes a portion of the TCP/IP network stack, currently run on your computer as part of the Windows operating system, and runs it in a dedicated processor on a TOE capable network adapter. Less work for the operating system + processing as part of the physical networking adapter = better performance.

Receive-side Scaling allows processing of incoming network traffic to be properly run on a multi-processor computer, by ensuring that all packets from a single TCP network connection are consistently processed by the same processor. All incoming packets for each TCP connection processed by the same processor = packets never getting out of sequence, which can be a problem otherwise with multiple processors. Obviously, you'll need a multiple processor system, to get any benefit here.

Try Internet access with TCP Offload and Receive-side Scaling disabled, and see if network performance improves. If it does, see if you can upgrade or replace your network card with one that is TOE capable, which was stated to cost $25 - $50 earlier this year. Once you have the right network hardware, or if the above change doesn't provide any relief from your symptoms, you can re enable TCP Offload and Receive-side Scaling
netsh interface tcp set global chimney=enable
netsh interface tcp set global rss=enable

If you do see a bandwidth improvement and / or network utilisation drop after enabling chimney and / or rss, restart the system. You may see still more improvement after restarting. Use of proper tools for objective measurement of bandwidth and network utilisation, access to high speed Internet service, and use of high bandwidth network applications like streaming video, will make the success of this change a bit easier to assess.

Besides Scalable Networking, look at other possible problems with Windows Vista Networking Innovations, in Windows Vista and Explicit Congestion Notification.

For more details about this issue, see

Windows Vista, and Network Location Awareness, With Multiple Network Adapters

Some owners of laptop computers, running Windows Vista, are reporting an inaccurate network status indicator when the computer is first started, and connected to the network.

When a Vista computer is started, the network status indicator - the little globe icon in the tooltray - will indicate "Local Only" status. If you go ahead and start a browser, or other Internet client component, you'll get a connection, but it may be very slow for a while. Eventually, the network status indicator will change to show "Local and Internet", and connectivity will return to normal.

This is a problem with the Network Connectivity Status Indicator (NCSI) component of the Network Location Awareness (NLA) service, and how it determines Internet connectivity when there is no active network traffic. Even if the NLA is able to verify Internet connectivity, when there is more than one network adapter on the computer, NLA can't determine which adapter has connectivity, so NCSI shows all adapters as being connected locally only. This is a problem when connectivity is through a router, and a DNS probe is used to determine connectivity.

Many late model (which is what you would want running Vista, after all) computers have an IEEE 1394 (Firewire) port. Similar in function to USB (but receiving less consumer support), a 1394 Firewire port is supported as a network adapter in many desktop and laptop computers. If your desktop or laptop computer has the problem with "Local Only", and it has only one network adapter, run "IPConfig /all", and examine the log.

If you see an entry for "IEEE 1394", this could be a problem. You can disable this device from the Network wizard (called in Windows XP, "Network Connections"), or using the Device Manager under System Properties, if you don't intend to use a 1394 network. Not a lot of us use (or intend to use) 1394 networking.

Firewire is the best known alternative networking adapter, which is part of what is being called Personal Area Networking (PAN). Two other possibilities include InfraRed and USB.

Another possible contribution to the problem would be the IPV6 Tunnel adapters. You may get relief from the problem by (KB929852): disabling IPV6.

Microsoft Help and Support: (KB947041): The network connectivity status incorrectly appears as "Local only" on a Windows Server 2008-based or Windows Vista-based computer that has more than one network adapter describes the problem in more detail, and should eventually identify a solution.

>> Top