NuCaptcha

NuCaptcha is an early fraud detection service which utilises behavior analytics to provision threat-appropriate, animated video CAPTCHAs. NuCaptcha is developed and operated by Canada-based firm NuData Security. [1] [2] [3] [4]

Static image-based CAPTCHAs are routinely used to prevent automated sign-ups to websites by using text or images of words disguised so that optical character recognition (OCR) software has trouble reading them. [1] However, in common CAPTCHA systems, users fail to correctly solve the CAPTCHA 7–25% of the time. [5] NuCaptcha uses animated video technology that it claims makes puzzles easier for humans to solve, but harder for bots and hackers to decipher. [1]

Technology

NuCaptcha attempts to improve on the usability of static image-based CAPTCHAs by using video animation to display CAPTCHA puzzles and a behavior analysis system to monitor interactions with the platform.

Video animation. CAPTCHAs are displayed as a video and rendered in the web browser. A variety of technologies can be used to display the animated CAPTCHA, such as Flash video, HTML5, or GIF. Standard CAPTCHA techniques such as character crowding, once animated, are easier for humans to detect because of an innate motion-detecting ability.

Behavior analysis. Using machine-learning algorithms, NuCaptcha monitors platform interactions to tune the security of each CAPTCHA delivered to the user. Suspected attackers are given progressively more secure CAPTCHAs. [6]

Security

Security researcher Elie Bursztein demonstrated a practical attack against NuCaptcha's video CAPTCHA scheme by employing optical flow techniques to isolate individual CAPTCHA characters. The proposed attack is able to break the video CAPTCHAs in more than 90% of cases. [7]

In response, NuCaptcha noted that Bursztein’s findings underscore the need for CAPTCHA puzzles to be part of a larger security construct, such as behavior monitoring to assess the risk of individual users. NuCaptcha also pointed out that the CAPTCHAs analyzed in Bursztein's blog post were middle-security puzzles focused on usability, and not the stronger puzzles presented to high-risk users. In addition to this, NuCaptcha noted that the optical flow technique relies on static non-animated features of the puzzle. Changes were made to NuCaptcha puzzles to remove the static non-animated features. [8]
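As an added illustration (not NuCaptcha's code or algorithm, which the cited sources do not describe), the following Python example shows one way a per-session risk score could select puzzle strength, in the spirit of the behavior analysis under Technology and the behavior monitoring NuCaptcha cites in its response. The signal names, weights, thresholds and tier names are all assumptions, and the event log is constructed.

```python
from dataclasses import dataclass

TIERS = ("low", "medium", "high")  # assumed tier names, weakest first
WINDOW = 60.0                      # assumed look-back, in seconds, for the rate signal

@dataclass
class SessionState:
    fails: int = 0          # wrong answers since the last accepted solve
    tier: int = 0           # highest tier reached so far (ratchet)
    issued_at: tuple = ()   # timestamps of recent puzzle requests

def score(state):
    """Assumed scoring; weights and thresholds are illustrative only."""
    points = 15 * min(state.fails, 4)   # repeated wrong answers
    if len(state.issued_at) > 5:        # many puzzles requested inside WINDOW
        points += 40
    return points

def handle(state, now, event, value=None):
    """Apply one event; return the tier name for 'issue' events, else None."""
    if event == "fail":
        state.fails += 1
    elif event == "solve":
        # A sub-second solve is treated as suspicious rather than as success.
        state.fails = state.fails + 2 if (value is not None and value < 1.0) else 0
    elif event == "issue":
        kept = tuple(t for t in state.issued_at if now - t <= WINDOW)
        state.issued_at = kept + (now,)
        points = score(state)
        wanted = 2 if points >= 60 else 1 if points >= 30 else 0
        state.tier = max(state.tier, wanted)  # never step down within a session
        return TIERS[state.tier]
    return None

def replay(events):
    """Return the tier chosen for each puzzle request in an event log."""
    state = SessionState()
    tiers = (handle(state, ts, ev, val) for ts, ev, val in events)
    return [t for t in tiers if t is not None]

# Constructed event log: (timestamp in seconds, event, solve time or None)
SAMPLE = [(0, "issue", None), (4, "fail", None), (5, "issue", None),
          (6, "fail", None), (7, "issue", None), (8, "fail", None),
          (9, "fail", None), (10, "issue", None), (30, "solve", 6.0),
          (31, "issue", None)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The last request in the sample stays at the strongest tier even though the preceding solve reset the failure count, so a single success does not lower the puzzle strength for a session that has already looked automated.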

Application

NuCaptcha APIs are currently available in PHP, .NET, and Java. Plugins are available for WordPress, Drupal, CodeIgniter, vBulletin, and phpBB. [9] In October 2011, NuCaptcha announced its CAPTCHA solutions for mobile devices across all platforms, including Android and iOS. [10]

References

  1. "Animated CAPTCHA tech aims to fox spambots". The Register. Retrieved 14 July 2010.
  2. "NuCaptcha Flash CAPTCHAs to combat spambots". Retrieved 14 July 2010.
  3. "Spammers to Face Video CAPTCHA Technology - Security from eWeek". eWeek. Archived from the original on 22 January 2013. Retrieved 14 July 2010.
  4. "Gartner Security & Risk Management Summit". Gartner. Retrieved 18 June 2013.
  5. Bursztein, Elie; Bethard, Steven; Fabry, Celine; Mitchell, John C.; Jurafsky, Dan (March 2010). "How Good are Humans at Solving CAPTCHAS? A Large Scale Evaluation" (PDF). Stanford University. Retrieved 25 February 2012.
  6. "Video CAPTCHAs Promise Better Security, Less Frustration". Read, Write, Web. Retrieved 30 June 2010.
  7. Bursztein, Elie. "How we broke the NuCaptcha video scheme and what we propose to fix it". Retrieved 20 February 2012.
  8. "NuCaptcha's Thoughts on Elie Bursztein's Document". Retrieved 7 February 2012.
  9. "NuCaptcha Docs". NuCaptcha. Archived from the original on 15 February 2012. Retrieved 25 February 2012.
  10. "NuCaptcha Extends User-Friendly Captchas to Mobile Phones, Tablets and other Connected Devices". Press Release. Retrieved 5 October 2011.