Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA

From: David Farber <dave () farber net>
Date: Mon, 5 May 2008 10:39:41 -0400


Begin forwarded message:

From: Monty Solomon <monty () roscom com>
Date: April 16, 2008 8:05:12 AM EDT
To: undisclosed-recipient:;
Subject: Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA


Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA

By Emil Protalinski | Published: April 15, 2008 - 09:13AM CT

Internet users are quite familiar with the Completely Automated
Public Turing test to tell Computers and Humans Apart (CAPTCHA), a
quick method that verifies whether or not the user trying to sign up
is a person or a bot. A picture with swirled, mangled, or otherwise
distorted characters is displayed and the user then types in the
correct letters or numbers. Thus far, the system has worked well to
slow down malicious bots, but recently the groups behind such
software have made significant strides. A security firm is now
reporting that the CAPTCHA used for Windows Live Mail can now be
cracked in as little as 60 seconds.

Back in early February, a group cracked Windows Live Hotmail's
CAPTCHA. A few weeks later, Gmail's version followed suit. In just
over a month's time, some anti-spam vendors were forced to completely
block the domain for the popular service as bots signed up for
thousands of bogus accounts and began to flood the tubes with e-mail
advertisements for lottery tickets and watches. The close proximity
of the two cracks has done everything but sealed CAPTCHA's fate.

To make matters worse, Websense Security Labs is now reporting that
the method for getting around Windows Live Mail's CAPTCHA has been
improved to the point that a bot can decipher the text and make a
guess in less than six seconds, on average. Windows Live Hotmail's
Anti-CAPTCHA automatic bot, which hooks itself into Internet Explorer
on a victim's machine, has a success rate of about 10-15 percent.
That means that it takes up to one minute for a single bot to create
a new account.

...

http://arstechnica.com/news.ars/post/20080415-gone-in-60-seconds-spambot-cracks-livehotmail-captcha.html



-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: