Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Live Hotmail CAPTCHA Cracked, Exploited

Posted by kdawson on from the nice-idea-while-it-lasted dept.

eldavojohn passes along what may be the last nail in the coffin for CAPTCHA technology. Coming on the heels of credible accounts of the downfall of first Yahoo's and then Gmail's CAPTCHA, Ars Technica is reporting on Websense Security Labs' deconstruction of the cracking and tuning / exploitation of the Live Hotmail CAPTCHA. Ars calculates that a single zombie computer can sign up over 1400 Live Hotmail accounts in a day, and alternate account creation with spamming. Time to dust off Kitten Auth?

3 of 362 comments (clear)

  1. Not the last nail in the coffin by far... by MrKevvy · · Score: 5, Informative

    No one has cracked ReCAPTCHA yet. (This CAPTCHA had a Slashdot article a few months ago.) As it uses text digitized from old books that the best OCR technology couldn't read, it's continually different and already demonstrated to be unintelligible to machines.

    Plus, using ReCAPTCHA instead of other solutions also helps Carnegie-Mellon digitize old books for posterity.

    From TFA: Microsoft, Google, and all other websites that currently use CAPTCHA, need to find a solution that puts them a step ahead of the spammers. This may well be it.

    --
    -- Insert witty one-liner here. --
  2. Re:Anything is better! by Jafafa+Hots · · Score: 5, Informative

    If have accessibility barriers so serious that you can't tell a picture of a kitten from a picture of a dog or tell the difference between a kitten meowing and a dog barking, where are you trying to register? I'm disabled. The net is a huge boon to the disabled, allowing them to shop more easily, save money because we have limited incomes... learn about things that can help us lead more normal lives, get support from others, get medical information, entertain ourselves since maybe we can't go jogging or drive to and then pay for a movie, etc.

    I'd frankly argue that the net is more important for many disabled people such as myself than it is for "normal" people.

    And there are many kinds of disability, some from brain damage, that cause all kinds of cognitive problems. So it's entirely possible for a person to be able to use the net, read text, or have his/her machine read it to them, but who might not be able to tell the different between a cat and a dog.

    What sites might they be trying to get into? Well, Slashdot.org, for example.

    --
    This space available.
  3. Re:Awesome article by kcbanner · · Score: 4, Informative

    These are used by botnets, usually the user has no idea this is running on their PC. Also, there is such a vast number of PCs, many of which could be behind a corp firewall or gateway. Blocking by IP has never worked in the long term.

    --
    Obligatory blog plug: http://www.caseybanner.ca/