Davey Winder's Blog

Hotmail CAPTCHA: cracked in 20 seconds

By Davey Winder in Editorial

Posted in Data Protection, Spam, Security, Microsoft on February 18, 2009 at 12:12 am


Although many people would like you to believe otherwise, the Completely Automated Public Turing test to tell Computers and Humans Apart (better known as CAPTCHA) is not foolproof. Yahoo! knows this, Google knows this, and now it looks like Microsoft knows it as well.

According to security researcher Sumeet Prasad at Websense, the CAPTCHA protecting the Microsoft Live Hotmail service has been busted wide open.

This is made all the more embarrassing for Microsoft by one small detail: just a few short months ago, Microsoft redesigned the CAPTCHA it uses on Live Hotmail sign-up specifically to prevent automated bot registration.

According to Websense, “As the latest attack shows, those efforts have failed.” Its research suggests that the anti-CAPTCHA attacks Microsoft is now on the receiving end of are part of an escalation by the spammer gangs, who need a steady supply of fresh Hotmail accounts so they can keep trading on Microsoft’s branding and trust in order to sell their wares.

Worryingly, this latest attack is not the usual automated bot account-creation system driven by command-and-control templates. It is a much more sophisticated effort: the spammer bots and the compromised machines talk to each other over automated but encrypted communications, shielding the cracking attempts from inspection. Well, I say attempts, but I mean successes. According to Prasad, the success rate in converting a CAPTCHA-cracking attempt into a fully active Live Hotmail account is as high as 20 percent. That’s one in every five attempts succeeding.

If that were not frightening enough, it takes just 20 seconds from start to finish to do the cracking.
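The two figures the post quotes, a roughly 20 percent solve rate and about 20 seconds per attempt, are themselves a defender-side signal: a human who sees a handful of challenges solves most of them, while a cracking service that grinds through hundreds at a fixed cadence fails most of them. The script below is an added example, not code from the original post or from the Websense report, that scores sign-up sources on exactly those two properties. The log format, the source addresses and the thresholds are constructed assumptions for illustration, not anything Microsoft or Websense published.

```python
"""Flag sign-up sources whose CAPTCHA behaviour looks automated: many
attempts at a near-constant cadence with a low solve rate.

Added example. The log format, addresses and thresholds are assumptions.
"""

from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one line per CAPTCHA attempt:
#   "<ISO timestamp> <source address> captcha=<ok|fail>"
# 10.0.0.7 behaves like the attack in the post: ~20 s cadence, 2 of 10 solved.
# 10.0.0.9 behaves like a person: a few irregular attempts, mostly solved.
SAMPLE_LOG = """\
2009-02-17T23:50:00 10.0.0.7 captcha=fail
2009-02-17T23:50:20 10.0.0.7 captcha=fail
2009-02-17T23:50:40 10.0.0.7 captcha=ok
2009-02-17T23:51:00 10.0.0.7 captcha=fail
2009-02-17T23:51:21 10.0.0.7 captcha=fail
2009-02-17T23:51:41 10.0.0.7 captcha=fail
2009-02-17T23:52:01 10.0.0.7 captcha=fail
2009-02-17T23:52:21 10.0.0.7 captcha=ok
2009-02-17T23:52:41 10.0.0.7 captcha=fail
2009-02-17T23:53:01 10.0.0.7 captcha=fail
2009-02-17T23:50:05 10.0.0.9 captcha=ok
2009-02-17T23:57:48 10.0.0.9 captcha=fail
2009-02-17T23:58:31 10.0.0.9 captcha=ok
"""


def parse_log(text):
    """Return a list of (timestamp, source, solved) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, result = line.split()
        events.append((datetime.fromisoformat(ts), src, result == "captcha=ok"))
    return events


def summarize(events):
    """Per source: attempt count, solve rate, mean gap between attempts and
    the coefficient of variation of those gaps (0 means a perfectly regular
    cadence, which humans never produce)."""
    by_src = defaultdict(list)
    for ts, src, ok in events:
        by_src[src].append((ts, ok))
    stats = {}
    for src, rows in by_src.items():
        rows.sort()
        attempts = len(rows)
        solved = sum(1 for _, ok in rows if ok)
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        cadence_cv = None
        if len(gaps) >= 2 and mean(gaps) > 0:
            cadence_cv = pstdev(gaps) / mean(gaps)
        stats[src] = {
            "attempts": attempts,
            "solve_rate": solved / attempts,
            "mean_gap": mean(gaps) if gaps else None,
            "cadence_cv": cadence_cv,
        }
    return stats


def flag_automated(stats, min_attempts=8, max_solve_rate=0.4, max_cadence_cv=0.15):
    """Sources with enough volume, a low solve rate and a regular cadence.
    Thresholds are illustrative; tune them against your own sign-up data."""
    flagged = []
    for src, s in stats.items():
        if s["attempts"] < min_attempts or s["cadence_cv"] is None:
            continue
        if s["solve_rate"] <= max_solve_rate and s["cadence_cv"] <= max_cadence_cv:
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    stats = summarize(parse_log(SAMPLE_LOG))
    for src, s in sorted(stats.items()):
        print(src, s)
    print("automated:", flag_automated(stats))
```

Treat a hit as a reason to throttle or escalate (a second challenge, a delayed activation) rather than to block outright: a person struggling with a hard CAPTCHA also fails a lot, and a cracking service that sits behind many compromised machines will spread its attempts across sources, so the per-source view above is only the first cut.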

A full step-by-step exposé of the technology and techniques employed can be found here.


Comments

Comment by Emily - March 19, 2009 on 10:09 am

Why they have changed the CAPTCHA system… what’s the reason… how to crack hotmail CAPTCHA…

Pingback by IT PRO: Blogs: Davey Winder: Decoding Captchas with OCR - October 5, 2009 on 11:56 pm

[…] fell victim to spammer gang hacking attention earlier in the year. I wrote a piece on IT Pro called Hotmail CAPTCHA: cracked in 20 seconds at the […]

Comment by buy anabol tablets - April 2, 2011 on 5:26 pm

Sounds good, I like to read your blog, just added to my favorites ;)

Comment by forex automoney reviews - April 8, 2011 on 8:40 pm

As a Newbie, I am always searching online for articles that can help me. Thank you Wow! Thank you! I always wanted to write in my site something like that. Can I take part of your post to my blog?
