October 19, 2008

Breaking CAPTCHA

I always figured there were ways spammers could get around CAPTCHA (Completely Automated Turing Test To Tell Computers and Humans Apart), but I’d never seen it discussed. For those who might not be familiar with the name, a CAPTCHA is one of those weird text challenges where you have to type in some cryptic text to register on a site.



I stumbled across an article describing a trojan that presents voyeurs with a woman doing a striptease – each successful CAPTCHA entry removes another article of clothing. One such trojan (HotLan) has been used to create more than 500,000 accounts on popular e-mail sites.

It struck me as a bit ironic that clicking on the “Discuss this article” link on that website prompted me with a registration form that included a CAPTCHA challenge.

The CAPTCHA web site acknowledges the issue, but deems it “not a concern”:

While it might be the case that some spammers use porn sites to attack CAPTCHAs, the amount of damage this can inflict is tiny (so tiny that we haven’t even noticed a dent!).

In spite of all this, I don’t see much of an alternative, and I’m sure I’ll continue to use CAPTCHAs on sites.  At least it makes it a lot harder for spammers…

