Algorithms like SIFT (<a href="http://en.wikipedia.org/wiki/Scale-invariant_feature_transform">http://en.wikipedia.org/wiki/Scale-invariant_feature_transform</a>) <br>make this even more accurate.<br><br>FWIW, here's my opinion on the technology. Some of this is from memory. <br>
First, they're ok with a 1/4096 success rate from random guesses according to<br>their paper. They say that they have a very large database to pull from (all<br>of the previously posted data that attackers wouldn't have access to) but I'm<br>
figuring that adding a few thousand pre-tagged animals to the mix every week<br>(the animals available for adoption currently) in combination with the fact that <br>attackers can farm out solving them and also save correct answers means that <br>
the attacker's cost declines over time and their success rate increases.<br><br>Not good characteristics.<br><br><div class="gmail_quote">On Wed, Mar 26, 2008 at 10:21 AM, Stefan Wagner <<a href="mailto:ffm.stefan@googlemail.com">ffm.stefan@googlemail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">> I think we have already discussed this topic, and someone said we could<br>
> use pictures of cats and other animals and ask the user to count the<br>
> number of cats on the photos.<br>
><br>
> Microsoft is working on this, it looks promising.<br>
><br>
> <a href="http://research.microsoft.com/asirra/" target="_blank">http://research.microsoft.com/asirra/</a><br>
<br>
</div>I think a weak point may be that <a href="http://petfinder.com" target="_blank">petfinder.com</a> pictures are available<br>
to the public too.<br>
<br>
An Attacker could let some bots crawl <a href="http://petfinder.com" target="_blank">petfinder.com</a> by Category, grab<br>
the thumbnails<br>
(or the big pictures) and resize 'em to asirra thumbnail size (to<br>
avoid the bottom text "<a href="http://petfinder.com" target="_blank">petfinder.com</a>"<br>
Logo on asirra big pictures) and put some CRC of that into a DB (maybe<br>
even make it b/w and<br>
low-res, only take specified part(s) of the picture for the CRC and so<br>
on). This sure won't be perfect, but<br>
for some usable percentage i think it may currently work.<br>
<br>
Regards,<br>
<font color="#888888"> Stefan<br>
</font><div><div></div><div class="Wj3C7c">_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunitysec.com">Dailydave@lists.immunitysec.com</a><br>
<a href="http://lists.immunitysec.com/mailman/listinfo/dailydave" target="_blank">http://lists.immunitysec.com/mailman/listinfo/dailydave</a><br>
</div></div></blockquote></div><br>