Hacker News new | ask | show | jobs
Automatically Solving Captchas on Project Euler (franklinta.com)
45 points by nilknarf 4324 days ago
3 comments
ary 4324 days ago
This is a security problem for Project Euler and should have been disclosed to them as such. Dropping what amounts to a zero-day on their submission form is not acting in good faith.

The right way to go about this would have been to break the captcha, submit the problems, and then email them a polite writeup. Claim the glory after they fix it.

link
userbinator 4323 days ago
What are the "bad guys" going to do, create accounts and submit problem solutions...? There doesn't appear to be anything worth "attacking" here anyway, so I don't think this is a "security problem" at all.
link
joshdick 4323 days ago
The captcha was introduced to Project Euler a few years ago in response to someone spamming the site with requests to check an answer.

Apparently, someone had trouble with a question, so they wrote a script to submit every possible number.

link
Afforess 4324 days ago
Bahahah....

Any site using captchas for anti-bot security is already broken. There are plenty of web services to solve captchas for fractions of pennies.

Don't use captchas. Text-based captchas have been broken since 2010 at least.

link
voltagex_ 4324 days ago
What are some good alternatives?
link
joelthelion 4324 days ago
Given that Google still uses text-based captchas in 2014, I think we can safely conclude that they are still state-of-the art. Of course Google's captchas are a little harder to defeat than these ones :)
link
dlss 4323 days ago
1. ReCAPTCHA does a lot more than Project Euler's captchas... or to put it another way, the "Zero day" you're talking about would be worthless vs ReCAPTCHA: http://en.wikipedia.org/wiki/ReCAPTCHA#Security

2. Google requires a verified cell phone number for most of their services at this point, with the captha basically being a way to avoid spamming text messages

"Given that people still drive cars in 2014, I think we can safely conclude that the 1908 Ford Model T is still state-of-the art"

link
fantan 4323 days ago
I agree with everything you said but also want to add that recaptchas have been "solved" also. By google themselves actually (http://techcrunch.com/2014/04/16/googles-new-street-view-ima...).

Cars are safer now than they were in 1908 but are still one of leading cause of death. But it's the best we've got for now.

link
x0x0 4324 days ago
It's a dick move to be a griefer / enable grifers to a bunch of nice people. Lots of us knew you could do this; nobody else was a big enough ass to give script kiddies code.
link
recursive 4324 days ago
There's no code provided, and not really any original research here either. Anyone that was trying to break such a simple captcha, and is able to understand this blog post, already has all the tools they needed to break it. Reading this blog post maybe would save someone half an hour of thinking about the problem.
link
a3_nm 4324 days ago
> There's no code provided

Yes there is: https://github.com/fta2012/ProjectEulerCaptchaSolver

link
derekja 4324 days ago
nice simple approach!

And despite the previous commenter I don't see a problem with publishing a neat solution to a fairly cursory attempt to prevent automated submissions. If they care enough they can fix it, but the rather simplistic nature of their capcha implies they don't care much. shrug

link
kevinburke 4323 days ago
Heh! I implemented this a few years ago as part of a command line client for submitting solutions.

https://bitbucket.org/kevinburke/euler

link
fantan 4323 days ago
Looking at a screenshot https://skitch.com/kburke/fmkf3/1-bash-2-1 it seems like all this does is display the image in terminal and still requires user input?
link