Google ReCAPTCHA Cracked

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Tuesday January 11, 2011 @02:40AM from the eggs-bacon-sausage-and dept.

stormdesign writes "Despite denials from Google, a security researcher continues to assert that the Search King's reCAPTCHA system for protecting Web sites from spammers can be successfully exploited by Internet junk mail panderers."

3 of 211 comments (clear)

Min score:

Reason:

Sort:

News for nerds, stuff that mattered... by derfy · 2011-01-11 02:56 · Score: 4, Informative

...last year.
Google reCAPTCHA cracked
Written by John P Mello Jr on January 5, 2010
Re:Google reCAPTCHA cracked... again by prxp · 2011-01-11 02:57 · Score: 4, Informative

Really old news. The guy's paper is dated 2009. It might be possible that Google hasn't act on it yet, but it is the same thing from one year ago. Sensationalism mode detected!
Re:Captcha ZDR .... by isilrion · 2011-01-11 03:54 · Score: 4, Informative

With reCaptcha, you don't have to successfully OCR the scanned word, just the control word. Usually they are indistinguishable by sight (you don't know which one is the control word), but I've seen reCaptcha instances where one word is clear and the other one is unreadable. In these cases, you can type the control word correctly and just write some gibberish for the other, and you'll beat the captcha.
Which means that the spammer won't have to OCR the hardest of the words... just the simpler one. Run the OCR to the full text, post both words, and if the simpler one matches, you broke the captcha.
(I make it sound so easy! It really isn't! I'm amazed that they did break it! I just wanted to point out that it isn't "OCR words that haven't been OCRd before", rather than "OCR words that have been OCRd previously and are now a bit distorted".)