Slashdot Mirror


Google ReCAPTCHA Cracked

stormdesign writes "Despite denials from Google, a security researcher continues to assert that the Search King's reCAPTCHA system for protecting Web sites from spammers can be successfully exploited by Internet junk mail panderers."

12 of 211 comments

  1. There's only one weapon left in the arsenal by antifoidulus · Score: 5, Insightful

    Come on Google, we all know that in the CAPTCHA war, we only have one weapon left, captcha porn. There isn't a spambot alive who could answer "In the above movie, how many cocks were inside Jenna Jameson?" or "what sex position is this?"

    1. Re:There's only one weapon left in the arsenal by Abstrackt · Score: 4, Funny

      There isn't a spambot alive who could answer "In the above movie, how many cocks were inside Jenna Jameson?" or "what sex position is this?"

      Six and the Arabian spinecracker.

      You could just hire people from /. to solve captcha porn.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  2. News for nerds, stuff that mattered... by derfy · Score: 4, Informative

    ...last year.

    Google reCAPTCHA cracked
    Written by John P Mello Jr on January 5, 2010

    1. Re:News for nerds, stuff that mattered... by Cthefuture · Score: 4, Interesting

      Yeah, but something has happened recently, maybe the spammers got a new tool or something, because I have noticed a whole bunch of spam being posted on my reCAPTCHA-protected sites. This just started in the last couple of days, where previously I had none.

      --
      The ratio of people to cake is too big
  3. Re:Google reCAPTCHA cracked... again by prxp · Score: 4, Informative

    Really old news. The guy's paper is dated 2009. It might be possible that Google hasn't acted on it yet, but it is the same thing from one year ago. Sensationalism mode detected!

  4. Re:Captcha ZDR .... by devxo · Score: 5, Interesting

    All captchas are practically useless. There is no need to crack them - for example, decaptcher solves 1000 captchas for $2. Any captcha type works since they're solved by humans. They also have APIs for several different languages, which let the programmer easily put the process into their programs.

    As long as there's a really cheap workforce and economic differences in the world, things like this won't be solved.

  5. Re:Does this mean.... by Moryath · Score: 4, Insightful

    The problem is simple to solve though:

    Spamming is profitable. That's why the spammers do it.

    What we need is simple: we need to make Spamming unprofitable. (I almost said make Spam unprofitable, but I actually kinda like Hormel's product).

    This wouldn't be that hard to do. Spammers hit government addresses like anything else. Hit the purveyors of the product, the people who hire the spammers, with a nasty "kill your business for good" level fine for every product that goes out in a spamming campaign - problem solved, none of these guys will ever be so stupid as to hire a spammer again.

    That leaves the virus-purveyors and identity-theft types to deal with, true, but the bulk of the money spent on breaking CAPTCHA solutions and everything else comes from the spam-for-profit guys, so if we hit them first, the rest are more manageable.

  6. Re:Captcha ZDR .... by Anonymous Coward · Score: 4, Insightful

    That might work for your vanity blog, but higher traffic sites are more valuable targets and as such attract greater efforts.

  7. Re:Does this mean.... by Deep+Esophagus · Score: 5, Interesting

    My wife moderates a couple of local Freecycle [tm] lists, and she requires new subscribers to mention some nearby landmark in their neighborhood to show they really are local. The result: NO spam, ever. Once or twice in ten years she's actually had someone try to make up a plausible-sounding name that they must have picked up from a yellow pages search, because it referred to the name you can see on maps and not what everybody actually calls the place.

  8. Re:Captcha ZDR .... by SeaHunter · Score: 5, Interesting

    I remember a message board from a few years ago where some guy had talked about taking a screenshot of a captcha and displaying it on his free porn site, making it look like it was really from his site. The person looking at the porn site would type in the captcha answer, and his script would in turn use this user-provided solution to solve the real captcha on the original site, letting his script get past the captchas and spam the message board. So if it really did work, he got 1000s of captchas solved by humans for free.

  9. Re:Captcha ZDR .... by isilrion · Score: 4, Informative

    With reCaptcha, you don't have to successfully OCR the scanned word, just the control word. Usually they are indistinguishable by sight (you don't know which one is the control word), but I've seen reCaptcha instances where one word is clear and the other one is unreadable. In these cases, you can type the control word correctly and just write some gibberish for the other, and you'll beat the captcha.

    Which means that the spammer won't have to OCR the hardest of the words... just the simpler one. Run the OCR on the full text, post both words, and if the simpler one matches, you broke the captcha.

    (I make it sound so easy! It really isn't! I'm amazed that they did break it! I just wanted to point out that it isn't "OCR words that haven't been OCR'd before", but rather "OCR words that have been OCR'd previously and are now a bit distorted".)

  10. Re:Captcha ZDR .... by IhateMonkeys · Score: 4, Funny

    Steve from Kansas.

    Apparently he really likes curry chicken. Kinda odd fellow.