Slashdot Mirror

← Back to Stories (view on slashdot.org)

Now Google's CAPTCHA Is Broken

Posted by CmdrTaco on from the throw-it-on-the-pile dept.

steveit_is writes "Yesterday it was reported that Microsoft's revised CAPTCHA had been cracked. Now it's Google's turn. In a move that is sure to surprise no one, the spammers behind 'Xrumer' have announced that they've not only cracked Google's CAPTCHA, but other forms of image verification as well, including 'pick the cat' style CAPTCHA."

9 of 408 comments (clear)

  1. Well... by bhunachchicken · · Score: 4, Insightful

    ... you've got to admit that it's one hell of an achievement.

    --
    THE HONOUR OF THE KNIGHTS - CC Licensed Sci-Fi Novel
    1. Re:Well... by wtfispcloadletter · · Score: 4, Insightful

      What is? Breaking Captcha? Not even close. Whether it's done with software or by paying humans in China, India, Africa, etc it's not impressive to say the least.

      Google's captcha has been broken for a very long time. Only nobody has admitted it until now. I have several Google alerts setup for certain keywords. I use to get some pretty interesting alerts to articles, blogs, other sites, etc. Now 98%+ of the alerts I get are Blogger.com spam sites. It's been this way for about 5 months, possibly longer, but that's about when I started seeing an influx of pure junk.

      At first I was reporting them to Google. Then after about the 100th or so alert and having checked several of the blogs to see if they were taken down (they weren't, just the one particular page that I reported was) I just gave up. Realizing that Google's captcha is seriously flawed and was broken.

      Google and others need to change how easy it is for people to sign up for an account with them. Yes, it's going to be a hard row to hoe, but it needs to be done, especially for blogspot/blogger.com as those pages are just littering the internet with junk.

  2. Great Source by Frosty+Piss · · Score: 4, Insightful

    Announcing that one has cracked something and actually having cracked that something are two different things. Folks like these are not the most trustworthy sources, especially for their own exploits - er, "sploits".

    --
    If you want news from today, you have to come back tomorrow.
  3. Re:My test: by areusche · · Score: 4, Insightful

    Captcha is a joke. They're become so difficult to read that I can't even decipher what it means!

    I don't know what these companies are going to do to keep spammers from running email bot networks.

    I want to say verify identity with a credit/debit card, but that won't work very well because of Johnny 13 year old who wants a Gmail account.

    I've given up. Please just send me large amounts of email asking me to enlarge my pen15 while remortgaging my sub prime house!

  4. Re:Why by moderatorrater · · Score: 4, Insightful

    They probably should be, honestly. However, why not be thankful that the opposition is being open about their abilities to crack security? Obviously, a CAPTCHA system isn't going to work for the future; we should be developing a new methodology for verification.

  5. Re:My test: by eln · · Score: 4, Insightful

    I want to say verify identity with a credit/debit card, but that won't work very well because of Johnny 13 year old who wants a Gmail account.

    That won't work for anyone who cares about their own privacy. Why would I want to give anyone my credit or debit card number if I wasn't actually buying something from that site at that particular time?

  6. Re:Why by spiffmastercow · · Score: 5, Insightful

    aren't these guys in jail?

    I think the real question is: why are these people not working in research institutes? Image recognition is a hard problem. It's baffling that someone with that kind of talent would be working for spammers instead of in a tenured university position.

  7. Re:My test: by Tx · · Score: 5, Insightful

    "Captcha is a joke. They're become so difficult to read that I can't even decipher what it means!"

    I hear that. I was trying to complete one the other day, and honestly, I was only making educated guesses as to what the characters were, it took me three or four attempts. If they get any tougher, the only people who'll be able to do them will be the spammers using this kind of software!

    --
    Oh no... it's the future.
  8. Re:Why by FilterMapReduce · · Score: 4, Insightful

    Well, CAPTCHAs aren't true Turing tests; the goal of the classic Turing test is to force the computer to exhibit human intelligence in a back-and-forth interaction with an actual human. A CAPTCHA presents only a single intelligence-based challenge (recognizing the image). But if the CAPTCHA is considered to be a kind of limited/lazy Turing test, passing it "honestly" would consist of being able to recognize images in general, like a human, not by merely knowing how to solve the limited scope of image-puzzles that the particular CAPTCHA uses. So in that sense, these CAPTCHA-breakers do "cheat" or "break" the test by exploiting that limited scope.