Davey Winder's Blog

CAPTCHA, HACKEDCHA, GOTCHA

By Davey Winder in Editorial

Posted in Uncategorized on January 25, 2008 at 3:49 pm


The Completely Automated Public Turing test to tell Computers and Humans Apart security system, thankfully better known by the pseudo-acronym CAPTCHA, has been well and truly cracked according to reports online. The system presents a set of alphanumeric characters against a distorted background which, when combined, are meant to be all but impossible for a machine to decipher yet easy enough for the human brain to deal with. Or at least that was the case up until now, if these reports are to be believed.

A Russian security ‘researcher’ going by the pseudonym of John Wane has claimed success in bypassing one of the toughest CAPTCHA implementations, the one found at Yahoo! Wane has posted decoder code online which is said to be accurate around 35 percent of the time. Now that might not sound significant, but when you are trying to keep the spammer bots at bay I can assure you that it is. As Wane himself says, “It’s not necessary to achieve a high degree of accuracy when designing automated recognition software”, especially when a spammer can easily hit a rate in excess of 100,000 attempts per day. If they were to manage anything like 30,000 successful account creations then the spam problem, for blogs, forums and the general email population, would rocket overnight.

Application vulnerability software specialist Fortify has warned us all to be vigilant, especially as far as messages received from webmail systems are concerned, in the light of this possible breach. Fortify Chief Scientist Brian Chess has gone on record to say that “any free email service that is using the CAPTCHA system - or a similar approach to prevent automated sign-ups - is engaged in a never-ending arms race with its attackers.”

It isn’t all bad news though, as CAPTCHA represents just the main gate, as it were, in the fight against spammers, and the likes of Yahoo! and Google have plenty of other tricks up their collective spam-fighting sleeves to prevent an all-out flood of malicious mail.

Comments

Comment by Simon Bisson & Mary Branscombe - January 26, 2008 on 4:21 am

I like the kitten captcha-equivalent that Microsoft came up with; not only is image analysis software harder to write than letter scrapers, but every use donates to animal shelters. In the long run, we have to have a robust identity and reputation system - and maybe an exam to prove you’re not stupid enough to buy from spammers before you get to use a service…

Comment by Davey Winder - January 27, 2008 on 2:08 pm

Yep, I was rather enamoured by the MS kittens thing myself. But as you say, ultimately we do have to address the problem of end users having a trailer trash mentality when it comes to spam and link clicking.

Comment by Nick Kotarski - April 2, 2008 on 5:58 pm

Captcha isn’t accessible and the MS kittens thing can only be worse. I find Akismet works pretty well for stopping comment spam. There must be a similar way that would limit the number of signups from a particular IP address.
And yes I know that just about everything can be forged and dynamic IP addresses complicate things.
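The post's point that a 35 percent solver is dangerous at 100,000 attempts a day, and the comment above about limiting sign-ups per IP address, both come down to the same defender-side arithmetic. The following is an added example, not code from the original post: it runs over a constructed sign-up log (timestamps and IP addresses are made up) and flags sources that burn through many CAPTCHA attempts while solving fewer than half of them, which is the signature a low-accuracy automated solver leaves behind.

```python
import re
from collections import defaultdict

# Constructed sample CAPTCHA log (not from the original post). One line per
# sign-up attempt: timestamp, source IP and whether the challenge was solved.
# The first source is an automated solver succeeding 7 times in 20 (35%, the
# figure quoted for the Yahoo! decoder); the other two are human users.
BOT_RESULTS = ("fail fail ok fail fail fail ok fail ok fail "
               "fail fail ok fail fail ok fail ok fail ok").split()
SAMPLE_LOG = "\n".join(
    [f"2008-01-25T10:00:{i:02d} ip=203.0.113.7 captcha={r}"
     for i, r in enumerate(BOT_RESULTS)]
    + ["2008-01-25T10:03:10 ip=198.51.100.20 captcha=ok",
       "2008-01-25T10:09:44 ip=198.51.100.31 captcha=fail",
       "2008-01-25T10:10:02 ip=198.51.100.31 captcha=ok"]
)

LINE_RE = re.compile(r"ip=(?P<ip>\S+)\s+captcha=(?P<result>ok|fail)\b")

def per_source_stats(log_text):
    """Count attempts and successful solves per source IP."""
    stats = defaultdict(lambda: {"attempts": 0, "ok": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a CAPTCHA attempt line
        s = stats[m.group("ip")]
        s["attempts"] += 1
        if m.group("result") == "ok":
            s["ok"] += 1
    return dict(stats)

def flag_sources(stats, min_attempts=5, max_solve_rate=0.5):
    """Return {ip: solve_rate} for sources that exceed the per-source attempt
    budget AND solve at most half their challenges. A human retries a few
    times and mostly succeeds; a 35%-accurate solver fails most of the time
    at high volume, so the two signals together separate them."""
    flagged = {}
    for ip, s in stats.items():
        rate = s["ok"] / s["attempts"]
        if s["attempts"] > min_attempts and rate <= max_solve_rate:
            flagged[ip] = round(rate, 2)
    return flagged

def expected_signups(attempts_per_day, solver_accuracy):
    """Expected automated account creations per day at a given accuracy."""
    return round(attempts_per_day * solver_accuracy)

if __name__ == "__main__":
    print(flag_sources(per_source_stats(SAMPLE_LOG)))  # {'203.0.113.7': 0.35}
    print(expected_signups(100_000, 0.35))             # 35000
```

The thresholds are assumptions to tune against real traffic; the solve-rate test matters because a pure attempt cap is what dynamic IP addresses and proxies defeat, whereas a source that keeps failing the challenge is suspicious at any address.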

Pingback by IT PRO: Blogs: Davey Winder: Hotmail CAPTCHA: cracked in 20 seconds - February 18, 2009 on 12:12 am

[…] Public Turing test to tell Computers and Humans Apart (better known as CAPTCHA) is not foolproof. Yahoo! knows this, Google knows this, and now it would look like Microsoft knows it as […]

