CAPTCHA hacks could lead to a flood of junk mail
You know those annoying "please enter the code" requests you see when signing up for online services, leaving blog posts, or otherwise trying to prove that you're human and not a machine? Yeah, it turns out that the machines are getting pretty good at reading them too.
The basic idea behind the CAPTCHA (which stands for Completely Automated Public Turing test to tell Computers and Humans Apart) is that computers can't read text once it's distorted and hidden inside an image file. But a Russian researcher claims he received word that an automated CAPTCHA-solving system was floating around in the wild, so he decided to build his own, and he says the system he came up with solves the CAPTCHAs about 35% of the time. That sounds low, but a bot doesn't have to get it right the first time: it can just request a fresh challenge and try again, so a 35% per-attempt rate works out to roughly three tries per new account.
The claim has some credence, since a Yahoo! spokesperson told TMCnet that the company is aware of attempts to break its CAPTCHA system and is working on improvements. In the meantime, if this thing catches on there's a good chance you'll see a lot more junk mail about opportunities to make $1,000,000 or enlarge certain body parts, sent from Yahoo! Mail accounts and other free webmail services. And while the CAPTCHA was originally developed for Yahoo!, the technique is now used by practically every other service, so we're going to go out on a limb and say that if Yahoo!'s implementation can be broken, we'll probably see other sites broken soon as well.
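To make the "35% is enough" point concrete, here is an added example (not code from the original post, the researcher, or Yahoo!): the retry arithmetic a spammer relies on, plus a simple server-side check that flags a CAPTCHA-solving bot from its pass rate and attempt volume. The log format, the IP addresses, the 90% human solve rate and the flagging thresholds are all constructed assumptions for illustration.

```python
"""
Added example, not part of the original post.

Two things a 35%-per-attempt CAPTCHA solver implies:
  1. The attacker only needs a few retries per account (retry arithmetic).
  2. The defender can spot it: a source that keeps failing two out of
     every three challenges, hundreds of times, is not a person.

All log lines, IPs and thresholds below are constructed for illustration.
"""
import re
from collections import defaultdict

BOT_PASS_RATE = 0.35     # the per-attempt rate claimed in the post
HUMAN_PASS_RATE = 0.90   # assumption: a person solving a readable CAPTCHA


def p_success_within(n_attempts: int, p: float) -> float:
    """Probability that a solver with per-attempt accuracy p succeeds at
    least once in n_attempts independent tries: 1 - (1 - p) ** n."""
    return 1.0 - (1.0 - p) ** n_attempts


def expected_attempts(p: float) -> float:
    """Expected number of challenges per successful signup (geometric)."""
    return 1.0 / p


# Assumed log format (constructed): "<timestamp> <client ip> captcha=<pass|fail>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+captcha=(?P<result>pass|fail)$")


def build_constructed_log() -> str:
    """Constructed sample log: one human and one automated solver.

    The human tries three times and passes twice.  The solver makes 30
    attempts of which every third one passes, a deterministic stand-in
    for a ~35% per-attempt accuracy rate."""
    lines = []
    for i, result in enumerate(["fail", "pass", "pass"]):
        lines.append(f"2008-01-30T14:5{i}:00 198.51.100.7 captcha={result}")
    for i in range(30):
        result = "pass" if i % 3 == 0 else "fail"
        lines.append(f"2008-01-30T15:00:{i:02d} 203.0.113.5 captcha={result}")
    return "\n".join(lines)


def parse_log(text: str):
    """Yield (ip, passed) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.group("ip"), m.group("result") == "pass"


def per_source_stats(text: str) -> dict:
    """Attempt count and pass rate per client IP."""
    attempts = defaultdict(int)
    passes = defaultdict(int)
    for ip, passed in parse_log(text):
        attempts[ip] += 1
        if passed:
            passes[ip] += 1
    return {ip: {"attempts": n, "pass_rate": passes[ip] / n}
            for ip, n in attempts.items()}


def flag_solver_sources(text: str, min_attempts: int = 20,
                        max_pass_rate: float = 0.6) -> dict:
    """Return the sources whose volume and pass rate look like an automated
    solver.  Thresholds are assumptions: a person rarely needs 20 tries,
    and a 35% solver fails roughly two of every three challenges, well
    below what a human manages."""
    return {ip: s for ip, s in per_source_stats(text).items()
            if s["attempts"] >= min_attempts and s["pass_rate"] <= max_pass_rate}


if __name__ == "__main__":
    print(f"expected tries per account at 35%: {expected_attempts(BOT_PASS_RATE):.2f}")
    print(f"chance of one success within 5 tries: {p_success_within(5, BOT_PASS_RATE):.3f}")
    for ip, s in flag_solver_sources(build_constructed_log()).items():
        print(f"flag {ip}: {s['attempts']} attempts, pass rate {s['pass_rate']:.2f}")
```

The detection side is deliberately crude: it only looks at per-IP pass rate and volume, so a solver spread across many addresses would slip under the attempt threshold, which is why rate limiting and per-source failure budgets need to go together with any change to the image itself.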
We suppose Yahoo! can always just make their CAPTCHAs harder to read. Or you know, impossible to read.
[via Slashdot]
Comments (6)

kingkool68, Jan 30th 2008 2:58PM
It was originally developed by the smart people at Carnegie Mellon -> http://en.wikipedia.org/wiki/Captcha
Security guru Steve Gibson goes into great length about CAPTCHAs on episode #101 of Security Now -> http://www.grc.com/securitynow.htm#101
Wikipedia has some funny captchas from time to time like this one -> http://www.russellheimlich.com/blog/did-wikipedia-just-insult-me/
James, Jan 30th 2008 3:15PM
I had an idea a long time ago to make a pluggable super-CAPTCHA system that was RFC'd as an Internet standard, so people could write their own and everybody could run them mix-n-match, and presumably social-networking sites would spring up to host collections of them and they would succeed or fail according to popularity. I should probably write that up =-)
Seriously, though, if there were an easy way to replace "text smeared twice with 3-5 horizontal lines through it" with "simple addition or subtraction problem" or "name the blue animal in this picture" or "how many houses in this picture", and do it totally at random for each new request, you'd increase the difficulty of the hacker's task by several orders of magnitude. Then add the ability to drop in new processes at a whim, and you get a truly robust system.
If I could just get off my ass and put the project together...
SteveS, Jan 30th 2008 3:40PM
Dumb-a** Yahoo Mail can't even tell that an e-mail from 30 yrs in the future is spam (no kidding, if you have a Yahoo mail account, take a look at your spam folder and look at the dates of them) and they are worried about their CAPTCHA system being broken? Stuff like this explains their stock slide...
dukemang, Jan 30th 2008 5:24PM
We really need to revive a distributed version of Blue Security so we can all just hammer the crap out of these sites with perfectly legal, automated form fillers and shut them down.
michael, Jan 30th 2008 11:10PM
I already see a ton of junk mail in my Y! junk folder. It's sad.
I mainly use Y! and Live Hotmail, and I never noticed any spam filling my inbox there. So I'd have to say Live Hotmail is way better. Though I like some of the stuff in the new Y! Mail, it's slow and renders badly sometimes.
And you have to pay for POP3/IMAP access on Y! Mail!
John, Feb 4th 2008 2:16PM
Or just SUE the companies who use it!
What's hard about that? Scare the pants off the people who use it and POOF! Wow, all gone, what a surprise!