Captchas have been under fire before. After recent attempts on breaking Yahoo's systems, Google is the next target:
Websense believes that from the spammers’ perspective, there are four main advantages to this approach. First, signing up for an account with Google allows access to its wide portfolio of services. Second, Google’s domains are unlikely to be blacklisted. Third, they are free to sign up. And fourth, it may be hard to keep track of them as millions of users worldwide are using various Google services on a regular basis.
...
It is observed that at this stage bots (or bot-infected machines) are trying to sign up as many accounts as possible with Gmail mail services. One of the main concerns here is attacking CAPTCHA. Unfortunately, spammers seem to have success with it. The bot is signing up an account feeding all the prerequisites or input data that goes into the signup page and successfully creating a mail account.
...
On average, only 1 in every 5 CAPTCHA breaking requests are successfully including both algorithms used by the bot, approximating a success rate of 20%. The second algorithm (segmentation) has very poor performance that sometimes totally fails and returns garbage or incorrect answers.
Read more (Websense)
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment