Site icon Liquidmatrix Security Digest

Spammers Have Cracked Gmail Captcha

Ah the old standby the “captcha”. Designed to ensure a human is inputting the information into a web app. That is, until someone got the bright idea to hash all of the possible captcha images.

From the Reg:

Spammers, fresh from the success of cracking the Windows Live captcha used by Hotmail, have broken the equivalent system at Gmail.

Internet security firm Websense reports that miscreants have created bots which are capable of signing up and creating random Gmail accounts for spamming purposes, defeating Captcha-based defences in the process. It reckons the same group of spammers are behind both attacks.

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response systems, which are used to prevent accounts being created until a user correctly identifies letters in an image, are designed to ensure requests are made by a human rather than an automated program. The technique has been used to defeat automatic sign-ups to email accounts by services including Yahoo! Mail and Gmail for years, and hackers are increasingly successful in defeating the approach. For example, the HotLan Trojan has created more than 500,000 spam email accounts with Hotmail, Yahoo! and Gmail since its arrival back in July 2007.

Read on.

Article Link

[tags]Spam, Captcha, Spammers, Gmail Captcha[/tags]

Exit mobile version