Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fallout From the Fall of CAPTCHAs

Posted by kdawson on from the script-kiddie-fodder dept.

An anonymous reader recommends Computerworld's look at the rise and fall of CAPTCHAs, and at some of the ways bad guys are leveraging broken CAPTCHAs to ply their evil trade. "CAPTCHA used to be an easy and useful way for Web administrators to authenticate users. Now it's an easy and useful way for malware authors and spammers to do their dirty work. By January 2008, Yahoo Mail's CAPTCHA had been cracked. Gmail was ripped open soon thereafter. Hotmail's top got popped in April. And then things got bad. There are now programs available online (no, we will not tell you where) that automate CAPTCHA attacks. You don't need to have any cracking skills. All you need is a desire to spread spam, make anonymous online attacks against your enemies, propagate malware or, in general, be an online jerk. And it's not just free e-mail sites that can be made to suffer..."

5 of 413 comments (clear)

  1. Captchas are only good for protecting cheap stuff. by nweaver · · Score: 5, Insightful

    CAPTCHAs are only able to protect things worth $.0025, no matter how good they are. Simply because at about that price, you can pay humans to solve them for you.

    Thus for preventing mail spam, it can work. But to prevent, say, bots from harvesting Ticketmaster, they will always fail, no matter how good they are.

    --
    Test your net with Netalyzr
  2. Re:Cracaked CAPTHAs!!! oh no! by Anders · · Score: 5, Insightful

    I hate the fact that a computer can view these things better than I can. Lately, a lot of the CAPTCHAs have become unreadable by human viewers.

    They don't view it better than you, they just do not get impatient from failing 4 out of 5 times.

  3. Re:Mix it up a bit? by jandrese · · Score: 5, Insightful

    Computers are pretty good at math last time I checked. Asking for something that would require a full on AI to answer is good (the hair color part), but the problem is that it requires a human to seed the questions, which means they will be limited in number. If they're limited in number then the spammers will just go through and keep reloading the screen until they've seen all (or mostly all) of the answers and program their bot with the correct answers.

    CAPTCHAs need to be able to be generated algorithmically by a computer, but not answered by one, which is a surprisingly difficult problem. Anything that requires human intervention on the creation of each variation is doomed to fail because spammers have more free time than you do.

    --

    I read the internet for the articles.
  4. Re:Anyone usinging specialised tests? by jandrese · · Score: 5, Insightful

    The problem is that to set up that CAPTCHA you have to have a person sift through a huge picture archive of cats and dogs and mark each one. However, that limits the size of your CAPTCHA dictionary to however many entries a person can parse in a reasonable amount of time. This means the bad guys can sit down a person (or two, or ten) and go through all of your images to seed a database with the correct answers for their bots.

    --

    I read the internet for the articles.
  5. Just use by linhares · · Score: 5, Insightful

    BONGARD PROBLEMS. No machine can crack them in at least 10 years time. And when one does, baby, we'll have genuine AI.