Spambot Cracks Live Hotmail Captcha
Internet users are quite familiar with the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), a quick method that verifies whether or not the user trying to sign up is a person or a bot. Coming on the heels of credible accounts of the downfall of first Yahoo’s and then Gmail’s CAPTCHA, Ars Technica is reporting on Websense Security Labs’ deconstruction of the cracking and tuning / exploitation of the Live Hotmail CAPTCHA.
Ars calculates that a single zombie computer can sign up over 1400 Live Hotmail accounts in a day, and alternate account creation with spamming. To make matters worse, Websense Security Labs is now reporting that the method for getting around Windows Live Mail’s CAPTCHA has been improved to the point that a bot can decipher the text and make a guess in less than six seconds, on average. Windows Live Hotmail’s Anti-CAPTCHA automatic bot, which hooks itself into Internet Explorer on a victim’s machine, has a success rate of about 10-15 percent. That means that it takes up to one minute for a single bot to create a new account.
Hopefully a workable solution can be found that doesn’t make troublesome demands on the sincere user. Finding, testing, and implementing a CAPTCHA alternative will of course take time.
Source: Ars Technica
Filed under application software