CAPTCHA hacks could lead to a flood of junkmail
The basic idea behind the CAPTCHA (which stands for Completely Automated Turing Test To Tell Computers and Humans Apart) is that computers can't read text if it's hidden in an image file. But a Russian researcher claims that he received word that there was an automated CAPTCHA detection system floating around in the wild. So he decided to build his own and managed to create a system which he claims has a 35% accuracy rate.
The claim has some credence, since a Yahoo! spokesperson tells TMCnet that the company is aware of attempts to hack the CAPTCHA system and is working on improvements. In the meantime, if this thing catches on there's a chance you'll see a lot more junk mail letting you know about an opportunity to make $1,000,000 or enlarge certain body parts coming from Yahoo! Mail accounts and other free email services. While the CAPTCHA system was originally developed for Yahoo!, it is now widely used by other services and we're going to go out on a limb and say that if Yahoo!'s implementation of CAPTCHA can be hacked, we'll probably be seeing other sites hacked soon as well.
We suppose Yahoo! can always just make their CAPTCHAs harder to read. Or you know, impossible to read.
[via Slashdot]


Reader Comments
kingkool68 said 2:58PM on 1-30-2008
It was originally developed by the smart people at Carnegie Mellon -> http://en.wikipedia.org/wiki/Captcha
Security guru Steve Gibson goes into great length about CAPTCHAs on episode #101 of Security Now -> http://www.grc.com/securitynow.htm#101
Wikipedia has some funny captchas from time to time like this one -> http://www.russellheimlich.com/blog/did-wikipedia-just-insult-me/
James said 3:15PM on 1-30-2008
I had an idea a long time ago to make a pluggable super-CAPTCHA system that was RFC'd as an Internet standard, so people could write their own and everybody could run them mix-n-match, and presumably social-networking sites would spring up to host collections of them and they would succeed or fail according to popularity. I should probably write that up =-)
Seriously, though, if there were an easy way to replace "text smeared twice with 3-5 horizontal lines through it" with "simple addition or subtraction problem" or "name the blue animal in this picture" or "how many houses in this picture", and do it totally at random for each new request, you'd increase the difficulty of the hacker's task by several orders of magnitude. Then add the ability to drop in new processes at a whim, and you get a truly robust system.
If I could just get off my ass and put the project together...
SteveS said 3:40PM on 1-30-2008
Dumb-a** Yahoo Mail can't even tell that an e-mail from 30 yrs in the future is spam (no kidding, if you have a Yahoo mail account, take a look at your spam folder and look at the dates of them) and they are worried about their CAPTCHA system being broken? Stuff like this explains their stock slide...
dukemang said 5:24PM on 1-30-2008
We really need to revive a distributed version of Blue Security so we can all just hammer the crap out of these sites with perfectly legal, automated form fillers and shut them down.
michael said 11:10PM on 1-30-2008
I already see a ton of junk mail in my Y! junk folder. It's sad.
I mainly use Y! and Live Hotmail, and I never noticed any spam at all filling my inbox. So I'd have to say Live Hotmail is way better. Though I like some stuff in the new Y! Mail, it's slow and renders badly sometimes.
And you have to pay for POP3/IMAP access on Y! Mail!
John said 2:16PM on 2-04-2008
Or just SUE the company who use it!
What's the hard in that? Scare the pants off the people who use it and POOF! Wow, all gone, what a surprise!