Abstract

CAPTCHA is a standard security technology that presents tests to tell computers and humans apart. In this paper, we examine the security of a new CAPTCHA that was deployed until very recently by Megaupload, a leading online storage and delivery website. The security of this scheme relies on a novel segmentation resistance mechanism. However, we show that this CAPTCHA can be segmented using a simple but new automated attack with a success rate of 78%. It takes about 120 ms on average to segment each challenge on a standard desktop computer.

Keywords

CAPTCHA, Gestalt perception, robustness, segmentation attack

The robustness of a new CAPTCHA
Salah El Ahmad, A., Yan, J. and Marshall, L.
In Proceedings of the third European Workshop on System Security, EUROSEC '10, 13th of April 2010, Paris, France
pp 36-41
ACM, 2010

[Abstract]