Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gmail CAPTCHA Cracked

Posted by kdawson on from the like-dominos dept.

I Don't Believe in Imaginary Property writes "Websense is reporting that Gmail's CAPTCHA has been broken, and that bots are beginning to sign up with a one in five success rate. More interestingly, they have a lot of technical details about how the botnet members coordinate with two different computers during the process. They believe that the second host is either trying to learn to crack the CAPTCHA or that it's a quality check of some sort. Curiously, the bots pretend to read the help information while breaking the CAPTCHA, probably to prevent Google from giving them a timeout message."

4 of 317 comments (clear)

  1. Re:i work with OCR/ICR technology by martin-boundary · · Score: 5, Informative
    Unfortunately, it's HumanPower(TM). About 3/4 of the way down TFA, they show a web page with instructions (in Russian) for the people who get paid to read the CAPTCHAs.

  2. Re:CAPTCHA is for weak minds by PayPaI · · Score: 5, Informative

    http://recaptcha.net/

  3. Re:i work with OCR/ICR technology by martin-boundary · · Score: 5, Informative

    TFA says this is a service SELLING captcha breaking
    I'm not sure you're right. Why would the page include instructions such as

    In no case do not enter random characters!

    We pay only correctly recognized pictures!

    That sounds more like instructions for people doing the CAPTCHA breaking, no? Unfortunately, I can only go by the English translation, somebody who can read Russian would be useful.

    I'd expect it to do much better than the 20% they cite.
    I can think of various reasons. For example, there might not be somebody at the other end doing the breaking at the exact moment when the bot tries to connect. In that case you'd get ~100% for only part of the day and 0% the rest of the time. 24 * 20% is about 5 hours each day. A part time job?

    It's also true that _average_ people only break CAPTCHAs successfully about 80% of the time. Here's a relevant experiment

    Then there's possible issues with firewalls etc. Some bots are hosted on a zombified PC which could have any kind of restrictions, and it might have trouble dialing one of the the servers, or maybe the server can't respond properly due to inbound filtering.

  4. Re:i work with OCR/ICR technology by EdIII · · Score: 5, Informative

    Don't listen to the trolls, you are not alone at all.

    It really depends on the captcha being used, but the real problem is that a good percentage of the time on the hard captcha's you just cannot make a definitive choice on a single letter.

    That means you got a 50/50 shot of being right on it. If it was 2 letters, which is more rare, now you got a 1/4 chance of being right.

    I have seen some captcha's that are so ridiculous in their attempts at obfuscating the letters, that it is just next to impossible. Maybe that is the whole point too. A strong captcha may be one that a human fails at half the time.