Windows Live Hotmail CAPTCHA Cracked, Exploited
eldavojohn passes along what may be the last nail in the coffin for CAPTCHA technology. Coming on the heels of credible accounts of the downfall of first Yahoo's and then Gmail's CAPTCHA, Ars Technica is reporting on Websense Security Labs' deconstruction of the cracking and tuning / exploitation of the Live Hotmail CAPTCHA. Ars calculates that a single zombie computer can sign up over 1400 Live Hotmail accounts in a day, and alternate account creation with spamming. Time to dust off Kitten Auth?
One of the best 'exploit' related articles I've seen on /. for a while. There is actual evidence, and actual screenshots of the exploit in action! No journalists here referring to "magic interweb programs". I wish there was more of this kind of stuff in the news; frankly, I'm tired of articles full of statistics but nothing on the tech.
Obligatory blog plug: http://www.caseybanner.ca/
What we need is a reliable way of determining the age of an account. I would like to refuse mail from any account created less than a week ago. Same for domains. Maybe have a way for finding out that a domain has moved to 10 different IP addresses in the last year as a negative score in SpamAssassin.
Intron: the portion of DNA which expresses nothing useful.
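
The age and IP-churn checks suggested in the comment above, sketched as an added example that is not part of the original thread and is not SpamAssassin code. The two thresholds come from the comment; the score weights, function names and sample data are assumptions, and the creation date and IP history are taken as already available from some registration or DNS-history source.

```python
from datetime import date, timedelta

MIN_AGE_DAYS = 7        # from the comment: refuse anything younger than a week
MAX_IPS_PER_YEAR = 10   # from the comment: 10 different IPs in the last year
SCORE_YOUNG = 3.0       # assumed weight
SCORE_IP_CHURN = 2.0    # assumed weight


def distinct_ips_last_year(observations, today):
    """Count distinct IPs in (date_seen, ip) pairs within the trailing 365 days."""
    cutoff = today - timedelta(days=365)
    return len({ip for seen, ip in observations if cutoff <= seen <= today})


def score_sender(created, observations, today):
    """Return (score, reasons); a higher score is more spam-like.

    created is the registration date, or None when no reliable age is known.
    """
    score, reasons = 0.0, []
    if created is None or created > today:
        # Unknown or impossible age: record it, but do not guess a penalty.
        reasons.append("age unknown")
    elif (today - created).days < MIN_AGE_DAYS:
        score += SCORE_YOUNG
        reasons.append("created less than a week ago")
    ips = distinct_ips_last_year(observations, today)
    if ips >= MAX_IPS_PER_YEAR:
        score += SCORE_IP_CHURN
        reasons.append(f"{ips} distinct IPs in the last year")
    return score, reasons


# Constructed sample data (documentation address range, made-up dates).
TODAY = date(2008, 4, 16)
CHURNING = [(TODAY - timedelta(days=i), f"192.0.2.{i}") for i in range(1, 13)]
STABLE = [(TODAY - timedelta(days=30), "192.0.2.50"),
          (TODAY - timedelta(days=500), "192.0.2.51")]  # outside the window

if __name__ == "__main__":
    for name, created, obs in [
        ("new-and-churning", TODAY - timedelta(days=3), CHURNING),
        ("old-and-stable", TODAY - timedelta(days=730), STABLE),
        ("no-age-data", None, STABLE),
    ]:
        print(name, score_sender(created, obs, TODAY))
```
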