Wednesday, April 16, 2008

CAPTCHA Breaking for Hotmail and Gmail

These people at Websense really impressed me. They've analyzed how automated bots planted on victims' PCs were used to break the Microsoft Live Mail (Hotmail) CAPTCHA security defense, as well as Google's popular Gmail!

Read it here; the article is well written and you'll get excited as you read through it.
http://securitylabs.websense.com/content/Blogs/3063.aspx#

In short, the mechanism isn't too hard to follow either. Look at these CAPTCHA images from Hotmail and Gmail: they were grabbed and sent to a website for manual recognition by humans.


Whether the result is correct or wrong, it is then sent to an artificial intelligence training bot, which learns how to crack the CAPTCHA automatically, solely with machine recognition. If the training set is large enough, there goes the CAPTCHA line of defense.

There is no foolproof way to stop spammers from signing up for accounts, since they can always hire teenagers who are more than willing to sign up for multiple accounts at an internet cafe in return for some pocket money.

regards,
choongseng
