Now Google's CAPTCHA Is Broken

← Back to Stories (view on slashdot.org)

Now Google's CAPTCHA Is Broken

Posted by CmdrTaco on Thursday October 2, 2008 @03:33AM from the throw-it-on-the-pile dept.

steveit_is writes "Yesterday it was reported that Microsoft's revised CAPTCHA had been cracked. Now it's Google's turn. In a move that is sure to surprise no one, the spammers behind 'Xrumer' have announced that they've not only cracked Google's CAPTCHA, but other forms of image verification as well, including 'pick the cat' style CAPTCHA."

16 of 408 comments (clear)

Min score:

Reason:

Sort:

Well... by bhunachchicken · 2008-10-02 03:39 · Score: 4, Insightful

... you've got to admit that it's one hell of an achievement.

--
THE HONOUR OF THE KNIGHTS - CC Licensed Sci-Fi Novel
1. Re:Well... by wtfispcloadletter · 2008-10-02 04:03 · Score: 4, Insightful
  
  What is? Breaking Captcha? Not even close. Whether it's done with software or by paying humans in China, India, Africa, etc it's not impressive to say the least.
  Google's captcha has been broken for a very long time. Only nobody has admitted it until now. I have several Google alerts setup for certain keywords. I use to get some pretty interesting alerts to articles, blogs, other sites, etc. Now 98%+ of the alerts I get are Blogger.com spam sites. It's been this way for about 5 months, possibly longer, but that's about when I started seeing an influx of pure junk.
  At first I was reporting them to Google. Then after about the 100th or so alert and having checked several of the blogs to see if they were taken down (they weren't, just the one particular page that I reported was) I just gave up. Realizing that Google's captcha is seriously flawed and was broken.
  Google and others need to change how easy it is for people to sign up for an account with them. Yes, it's going to be a hard row to hoe, but it needs to be done, especially for blogspot/blogger.com as those pages are just littering the internet with junk.
Great Source by Frosty+Piss · 2008-10-02 03:41 · Score: 4, Insightful

Announcing that one has cracked something and actually having cracked that something are two different things. Folks like these are not the most trustworthy sources, especially for their own exploits - er, "sploits".

--
If you want news from today, you have to come back tomorrow.
Re:Why by Bashae · 2008-10-02 03:45 · Score: 3, Insightful

How about an international treaty to implement the death penalty for spammers all over the world.
I mean, why not? Don't we squish mosquitos when they pester us? Spammers are a thousand times more annoying and just as harmful and useless.
Re:My test: by areusche · 2008-10-02 03:46 · Score: 4, Insightful

Captcha is a joke. They're become so difficult to read that I can't even decipher what it means!
I don't know what these companies are going to do to keep spammers from running email bot networks.
I want to say verify identity with a credit/debit card, but that won't work very well because of Johnny 13 year old who wants a Gmail account.
I've given up. Please just send me large amounts of email asking me to enlarge my pen15 while remortgaging my sub prime house!
Re:Why by moderatorrater · 2008-10-02 03:49 · Score: 4, Insightful

They probably should be, honestly. However, why not be thankful that the opposition is being open about their abilities to crack security? Obviously, a CAPTCHA system isn't going to work for the future; we should be developing a new methodology for verification.
Re:Simple solution by iamdrscience · 2008-10-02 03:51 · Score: 3, Insightful

lets just consider the internet closed to new entrants.
Your ideas are intriguing to me and I wish to subscribe to your newsletter.

Really though, I think we would have been better off if we did this about 10 years ago (maybe even 15). Better late than never though, I guess.
Re:Why by Anonymous Coward · 2008-10-02 03:51 · Score: 3, Insightful

No, they write image recognition software. The people who use their programs defraud Google.
Re:My test: by eln · 2008-10-02 03:51 · Score: 4, Insightful

I want to say verify identity with a credit/debit card, but that won't work very well because of Johnny 13 year old who wants a Gmail account.

That won't work for anyone who cares about their own privacy. Why would I want to give anyone my credit or debit card number if I wasn't actually buying something from that site at that particular time?
Re:Why by spiffmastercow · 2008-10-02 03:51 · Score: 5, Insightful

aren't these guys in jail?
I think the real question is: why are these people not working in research institutes? Image recognition is a hard problem. It's baffling that someone with that kind of talent would be working for spammers instead of in a tenured university position.
Re:Why by isorox · 2008-10-02 03:55 · Score: 3, Insightful

How about an international treaty to implement the death penalty for spammers all over the world.
I mean, why not? Don't we squish mosquitos when they pester us? Spammers are a thousand times more annoying and just as harmful and useless.
How about a death penalty for anyone that buys anything from spam?
Re:My test: by Tx · 2008-10-02 04:15 · Score: 5, Insightful

"Captcha is a joke. They're become so difficult to read that I can't even decipher what it means!"
I hear that. I was trying to complete one the other day, and honestly, I was only making educated guesses as to what the characters were, it took me three or four attempts. If they get any tougher, the only people who'll be able to do them will be the spammers using this kind of software!

--
Oh no... it's the future.
Re:Why by lilomar · 2008-10-02 04:22 · Score: 3, Insightful

by breaking turing tests.
Don't you mean passing turing tests?

--
The creator of this post (Jacob Smith) hereby releases it, and all of his other posts, into the public domain.
Re:My test: by Clandestine_Blaze · 2008-10-02 05:01 · Score: 3, Insightful

Soon, the only thing that will be able to read a CAPTCHA will be automated spam bots. The new CAPTCHA test will be: "If you can read this CAPTCHA, you are a spammer."
Those that get the CAPTCHA wrong will get in. Brilliant! Anyone want to subscribe to my newsletter?

--
Best "String" Ever!
Re:Why by FilterMapReduce · 2008-10-02 05:23 · Score: 4, Insightful

Well, CAPTCHAs aren't true Turing tests; the goal of the classic Turing test is to force the computer to exhibit human intelligence in a back-and-forth interaction with an actual human. A CAPTCHA presents only a single intelligence-based challenge (recognizing the image). But if the CAPTCHA is considered to be a kind of limited/lazy Turing test, passing it "honestly" would consist of being able to recognize images in general, like a human, not by merely knowing how to solve the limited scope of image-puzzles that the particular CAPTCHA uses. So in that sense, these CAPTCHA-breakers do "cheat" or "break" the test by exploiting that limited scope.
it's easy by dangil · 2008-10-02 07:41 · Score: 3, Insightful

instead of character recognition, ask questions based on a given image

example:

image with a cat on the left and a dog on the right.

question: what's on the left?
answer: cat

example2:

girl crying, next to a broken glass

question: why the girl is crying?
answer: because of a broken glass

it's very human readable, and very dificult for software interpretation

and I just patented that...