doug-swisher.net

October 19, 2008

Breaking CAPTCHA

Filed under: Software — Tags: — Doug @ 12:20 am

I always figured there were ways spammers could get around CAPTCHA (Completely Automated Turing Test To Tell Computers and Humans Apart), but I’d never seen it discussed.  For those that might not be familiar with the name, a CAPTCHA is one of those weird text challenges where you have to type in some cryptic text to register on a site:

CAPTCHA Sample

CAPTCHA Sample

I stumbled across an article describing a trojan that presents voyeurs with a woman doing a strip tease – each successful CAPTCHA entry removes another article of clothing.  One such trojan (HotLan) has been used to create more than 500,000 accounts on popular e-mail sites.

It struck me as a bit ironic that clicking on the “Discuss this article” link on that website prompted me with a registration form that included a CAPTCHA challenge.

The CAPTCHA web site acknowledges the issue, but deems it “not a concern”:

While it might be the case that some spammers use porn sites to attack CAPTCHAs, the amount of damage this can inflict is tiny (so tiny that we haven’t even noticed a dent!).

In spite of all this, I don’t see much of an alternative, and I’m sure I’ll continue to use CAPTCHAs on sites.  At least it makes it a lot harder for spammers…

Advertisements

1 Comment »

  1. Nice example of social engineering (?). They probably use it with some genetic algorightms & neural nets …

    Comment by hribek — December 21, 2008 @ 4:19 am


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: