Davey Winder's Blog

CAPTCHA, HACKEDCHA, GOTCHA

By Davey Winder in Editorial

Posted in Uncategorized on January 25, 2008 at 3:49 pm


The Completely Automated Public Turing test to tell Computers and Humans Apart security system, thankfully better known by the pseudo-acronym CAPTCHA, has been well and truly cracked according to reports online. The system presents a set of alpha-numeric characters against a background which, when combined, make it all but impossible for a machine to decipher but easy enough for the human brain to deal with. Or at least that was the case up until now, if these reports are to be believed.

A Russian security ‘researcher’ going by the pseudonym of John Wane has claimed success in bypassing one of the toughest CAPTCHA implementations, the one found at Yahoo! Wane has posted decoder code online which is said to be accurate around 35 percent of the time. Now that might not sound significant, but when you are trying to keep the spammer bots at bay I can assure you that it is. As Wane himself says, “It’s not necessary to achieve a high degree of accuracy when designing automated recognition software”, especially when a spammer can easily hit a rate in excess of 100,000 attempts per day. If they were to manage anything like 30,000 successful account creations then the spam problem, for blogs, forums and the general email population, would rocket overnight.
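As an added example (not code from the post, from Wane or from Fortify), the arithmetic above has a defensive flip side: a solver that is right 35 percent of the time is wrong 65 percent of the time, so a sign-up source making many attempts with a CAPTCHA failure rate that high stands out in the logs. The sample log, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict


def build_sample_events():
    """Constructed sign-up log: (source_ip, captcha_passed) per attempt.
    Addresses are documentation-range placeholders, not real sources."""
    events = []
    # A bot driving a 35%-accurate solver: 100 attempts, 35 pass, 65 fail.
    for i in range(100):
        events.append(("198.51.100.7", i < 35))
    # Two humans: a handful of attempts each, mostly correct.
    events += [("203.0.113.5", True)] * 4 + [("203.0.113.5", False)]
    events += [("203.0.113.9", True)] * 3
    return events


def expected_successes(attempts_per_day, solver_accuracy):
    """Expected successful sign-ups per day for a solver of given accuracy."""
    return attempts_per_day * solver_accuracy


def per_source_stats(events):
    """Return {source: (attempts, failures)} from (source, passed) events."""
    stats = defaultdict(lambda: [0, 0])
    for source, passed in events:
        stats[source][0] += 1
        if not passed:
            stats[source][1] += 1
    return {source: tuple(counts) for source, counts in stats.items()}


def flag_automated(events, min_attempts=20, max_failure_rate=0.5):
    """Sources with many attempts and a failure rate no human would sustain.
    Thresholds are assumed values; tune them against your own traffic."""
    flagged = set()
    for source, (attempts, failures) in per_source_stats(events).items():
        if attempts >= min_attempts and failures / attempts > max_failure_rate:
            flagged.add(source)
    return flagged


if __name__ == "__main__":
    print(expected_successes(100_000, 0.35))
    print(flag_automated(build_sample_events()))
```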

Application vulnerability software specialist Fortify has warned us all to be vigilant, especially as far as messages received from webmail systems are concerned, in the light of this possible breach. Fortify Chief Scientist Brian Chess has gone on record to say that “any free email service that is using the CAPTCHA system - or a similar approach to prevent automated sign-ups - is engaged in a never-ending arms race with its attackers.”

It isn’t all bad news though, as CAPTCHA represents just the main gate, as it were, in the fight against spammers, and the likes of Yahoo! and Google have plenty of other tricks up their collective spam-fighting sleeves to prevent an all-out flood of malicious mail.

Comments

Comment by Simon Bisson & Mary Branscombe - January 26, 2008 on 4:21 am

I like the kitten captcha-equivalent that Microsoft came up with; not only is image analysis software harder to write than letter scrapers, but every use donates to animal shelters. In the long run, we have to have a robust identity and reputation system - and maybe an exam to prove you’re not stupid enough to buy from spammers before you get to use a service…

Comment by Davey Winder - January 27, 2008 on 2:08 pm

Yep, I was rather enamoured by the MS kittens thing myself. But as you say, ultimately we do have to address the problem of end users having a trailer trash mentality when it comes to spam and link clicking.

Comment by Nick Kotarski - April 2, 2008 on 5:58 pm

Captcha isn’t accessible and the MS kittens thing can only be worse. I find Akismet works pretty well for stopping comment spam. There must be a similar way that would limit the number of signups from a particular IP address.
And yes I know that just about everything can be forged and dynamic IP addresses complicate things.

Pingback by IT PRO: Blogs: Davey Winder: Hotmail CAPTCHA: cracked in 20 seconds - February 18, 2009 on 12:12 am

[…] Public Turing test to tell Computers and Humans Apart (better known as CAPTCHA) is not foolproof. Yahoo! knows this, Google knows this, and now it would look like Microsoft knows it as […]

Comment by cod liver oil - October 28, 2009 on 5:41 am

Thanks for sharing such nice information regarding CAPTCHA and Gotcha. I am wondering if I can share your article in the bookmarks of society.
