get_col("DESC $table_name", 0) as $column ) { if ($debug) echo("checking $column == $column_name
"); if ($column == $column_name) { return true; } } //didn't find it try to create it. $q = $wpdb->query($create_ddl); // we cannot directly tell that whether this succeeded! foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) { if ($column == $column_name) { return true; } } return false; } } function btc_altertable() { global $tablecomments; $sql = "ALTER TABLE $tablecomments ADD COLUMN comment_reply_ID INT NOT NULL DEFAULT 0;"; maybe_add_column($tablecomments, 'comment_reply_ID', $sql); } function btc_alter_comment($new_id) { global $tablecomments, $wpdb; $sql = "UPDATE $tablecomments SET comment_reply_ID=".$_POST['comment_reply_ID']." WHERE comment_ID = $new_id;"; $wpdb->query($sql); } function briansnestedcomments() { global $font_gets_smaller; if (!($withcomments) && ($single)) return; // You can safely delete the single line below if your threaded comments are up and running btc_altertable(); ?> Usable Security » Blog Archive » Balancing Usability and Security in a Video CAPTCHA

Balancing Usability and Security in a Video CAPTCHA

July 17, 2009 by Richard Conlan
Kurt Kluever and Richard Zanibbi

CAPTCHA’s are used for a variety of purposes, but most generally to combat spammers.  A desirable CAPTCHA should be automatically generated, should not rely on secret databases or algorithms, should be usable, and should be hard to spoof.  Most existing CAPTCHAs fail in one or more of these respects, usually usability.

This study proposes using video CAPTCHAs, in which videos are played and a human user is expected to propose appropriate tags for the video.  The algorithm to create the CAPTCHA selects a random video from YouTube and uses text and metadata from Related Videos to generate an appropriate set of tags.  Any tags that are too common, such as “funny” or “music,” are stripped out.  The user’s results are graded by first being normalized to lowercase and removing punctuation and stop words and adding stem words so that “dogs” will match “dog,” and employed Levenshtein distance to allow for minor misspellings, etc.

There were two studies run online, one with 233 participants and one with 300, though only 143 and 184, respectively, completed the survey.  The average completion time was 20 seconds in the first study and 17 seconds in the second study.  Users reported finding the text CAPTCHAs faster, but the video CAPTCHAs more enjoyable.  They simulated an attacker using tag frequency data from the database to guess for the video.  For one twiddling of the settings humans were successful 77% of the time while the computer was only successful 2% of the time.