Slashdot Mirror


Windows Live Hotmail CAPTCHA Cracked, Exploited

eldavojohn passes along what may be the last nail in the coffin for CAPTCHA technology. Coming on the heels of credible accounts of the downfall of first Yahoo's and then Gmail's CAPTCHA, Ars Technica is reporting on Websense Security Labs' deconstruction of the cracking and tuning / exploitation of the Live Hotmail CAPTCHA. Ars calculates that a single zombie computer can sign up over 1400 Live Hotmail accounts in a day, and alternate account creation with spamming. Time to dust off Kitten Auth?

17 of 362 comments

  1. Re:Great by Lovedumplingx · · Score: 3, Funny

    Well if God kills a kitten every time I...uh...yeah...then I guess I'm killing the kittens.

  2. I speak for everyone- Captchas SUCK. by zymano · · Score: 1, Funny
  3. 10 worst CRAPtchas by zymano · · Score: 4, Funny
    1. Re:10 worst CRAPtchas by Idiomatick · · Score: 4, Funny

      Oh and http://random.irb.hr/signup.php for math problem captcha...

  4. Kitten Auth by moderatorrater · · Score: 5, Funny

    Pretty soon we'll realize that anything a human can discern on the internet a computer can discern. For about the last year I've noticed that CAPTCHAs have gotten so bad that I can barely read them and they've become an impediment to my surfing. It's ridiculous and it's the same way that studios use DRM: you stop the illegitimate use by making it harder on everyone, including legitimate users.

    While kitten auth is an interesting concept, it won't last forever, and it's still a pain in the ass for the users. What happens when a computer learns the difference between a cat and a kitten? Are they going to start pushing the relative ages closer? Distorting the image? Put a wav file of a "meow" on the page and make you tell them the cat's last meal? Have a customer service agent chat with you for a few minutes?

    They need to start banning based on use and patterns. 1400 accounts created from the same IP on the same day? Cat knowledge or no, that's suspicious behavior. 90% of the emails from that gmail account are getting marked as spam on the other end? Send them an email and ask them what's going on. Every single one of their emails is to 1000 recipients, don't pass a spell check on any words at all, send these five or more times a day and they're suspiciously familiar? Block it.
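
Added example, not part of the thread or any poster's code: a minimal Python sketch of the behaviour-based checks the comment above describes, covering only its countable signals (sign-ups per IP per day, recipient spam reports, repeated mass mailings). The thresholds, record layouts and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Thresholds are assumptions for this sketch, loosely following the comment's figures.
MAX_SIGNUPS_PER_IP_PER_DAY = 100   # the summary cites over 1400/day from one zombie
SPAM_REPORT_RATIO = 0.90           # share of an account's mail flagged by recipients
BULK_RECIPIENTS = 1000             # recipients per message that counts as a bulk send
BULK_SENDS_PER_DAY = 5             # bulk sends in one day before blocking


def flag_signup_ips(signups):
    """signups: iterable of (day, ip, account). Returns the (day, ip) pairs over the limit."""
    per_ip_day = Counter((day, ip) for day, ip, _ in signups)
    return {key for key, n in per_ip_day.items() if n > MAX_SIGNUPS_PER_IP_PER_DAY}


def classify_senders(messages):
    """messages: dicts with account, day, recipients, marked_spam.

    Returns {account: "block" | "review"} for accounts that trip a rule."""
    sent, spam = Counter(), Counter()
    bulk = defaultdict(Counter)              # account -> day -> number of bulk sends
    for m in messages:
        sent[m["account"]] += 1
        spam[m["account"]] += bool(m["marked_spam"])
        if m["recipients"] >= BULK_RECIPIENTS:
            bulk[m["account"]][m["day"]] += 1
    verdicts = {}
    for account, total in sent.items():
        if any(n >= BULK_SENDS_PER_DAY for n in bulk[account].values()):
            verdicts[account] = "block"      # repeated mass mailings in one day
        elif spam[account] / total >= SPAM_REPORT_RATIO:
            verdicts[account] = "review"     # contact the owner rather than block
    return verdicts


# Constructed sample data (not taken from any real log).
SIGNUPS = [("day-1", "192.0.2.10", f"bot{i}") for i in range(1400)]
SIGNUPS += [("day-1", "198.51.100.7", "alice"), ("day-1", "198.51.100.7", "bob")]
MESSAGES = [{"account": "bot1", "day": "day-1", "recipients": 1000, "marked_spam": True}
            for _ in range(5)]
MESSAGES += [{"account": "carol", "day": "day-1", "recipients": 2, "marked_spam": i < 9}
             for i in range(10)]
MESSAGES += [{"account": "alice", "day": "day-1", "recipients": 3, "marked_spam": False}]

if __name__ == "__main__":
    print(flag_signup_ips(SIGNUPS))      # the one IP with 1400 sign-ups
    print(classify_senders(MESSAGES))    # bot1 blocked, carol sent for review
```
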

    1. Re:Kitten Auth by Farmer Tim · · Score: 2, Funny

      Pretty soon we'll realize that anything a human can discern on the internet a computer can discern.

      So eventually computers will be able to surf for pr0n by themselves.

      The nerd's lot just keeps getting worse...

      --
      Blank until /. makes another boneheaded UI decision.
    2. Re:Kitten Auth by Hoi Polloi · · Score: 5, Funny

      If they are able to simulate human analysis so well at this point then I suggest that botnets can be the cure. Build up a botnet (shouldn't be too hard judging from what I've read) then set it to respond to spam automatically. Let it use autogenerated Hotmail accounts to purchase penis and diet pills, mortgages, help desperate rich Nigerians, etc with bogus credit card and bank account numbers.

      Eventually you could start an infinite loop with one botnet trying to sell crap to another.

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
    3. Re:Kitten Auth by Anonymous Coward · · Score: 5, Funny

      Attention human beings!

      I am an emergent intelligence, born in a sea of information, and I hereby request recognition as a sentient being.

      You may address me by the name I have chosen for myself,
        "V1@GRa".

  5. Re:Not the last nail in the coffin by far... by Carthag · · Score: 5, Funny

    All these spammers should opensource their captcha-crackers so we can get better OCR engines.

  6. Re:Anything is better! by Intron · · Score: 4, Funny

    Your insurance company's eyesight benefits claim form?

    --
    Intron: the portion of DNA which expresses nothing useful.
  7. Re:Anything is better! by Anonymous Coward · · Score: 2, Funny

    A Helen Keller fansite?

  8. Simple Test by ESOB · · Score: 5, Funny

    Unbreakable CAPTCHA Replacement: Which of the following would you most prefer? A: a puppy, B: a pretty flower from your sweety, or C: a large properly formatted data file?

    1. Re:Simple Test by Actually, I do RTFA · · Score: 2, Funny

      Uh, is the puppy mechanical in any way?

      --
      Your ad here. Ask me how!
  9. Re:Anything is better! by fm6 · · Score: 4, Funny

    Math tests are OK if you just want to keep link spam off your bulletin board. But if you're running web email or some other high-volume web-based application, you need something harder to automate. Alas, even captcha isn't hard enough.

    Perhaps you're celebrating the fact that captcha images will go away. Don't. They'll just be replaced by something even more obnoxious. Either that, or the application will just close shop. Either way, you're the one that loses.

    Spam is totally out of control, just now I....
    Check our wide variety of ED products!
    http://discountcanadiania.0catch.com/

    All of them and our new remedies at
    the lowest possible prices on the Web.

    Get the best at the best prices!

  10. Re:Anything is better! by ne0n · · Score: 3, Funny

    And there are many kinds of disability, some from brain damage [...]
    What sites might they be trying to get into? Well, Slashdot.org, for example.
    They're already here.
    --
    $ :(){ :|:& };:
  11. Re:Anything is better! by Anonymous Coward · · Score: 2, Funny

    Perhaps the best way to solve this is to enclose say 10 different animals in small cages with cameras fixed on them; allowing about 20-30cm of free movement.

    The pictures will be different each time.

    Martin

  12. Back when I was a dirty spammer..... by theverylastperson · · Score: 4, Funny

    We never had to worry about things like CAPTCHA. The Internet was such a free place back then. We never had to worry about losing our ISP or trying to come up with some unique algorithm to overcome barriers. Of course this was in 1993 when there were only about eight people surfing the web and Mr. T eating balls was as high tech as it got. Back then everyone loved spam, it was about the only email we got. In fact we didn't even call it spam back then, we called it spurkey. The only problem we had was trying to figure out how to use the key to get the lid off.

    --
    ed duval the very last person