Windows Live Hotmail CAPTCHA Cracked, Exploited
eldavojohn passes along what may be the last nail in the coffin for CAPTCHA technology. Coming on the heels of credible accounts of the downfall of first Yahoo's and then Gmail's CAPTCHA, Ars Technica is reporting on Websense Security Labs' deconstruction of the cracking and tuning / exploitation of the Live Hotmail CAPTCHA. Ars calculates that a single zombie computer can sign up over 1400 Live Hotmail accounts in a day, and alternate account creation with spamming. Time to dust off Kitten Auth?
Not the last nail in the coffin by far... (Score:5, Informative)
Plus, using ReCAPTCHA instead of other solutions also helps Carnegie Mellon digitize old books for posterity.
From TFA: Microsoft, Google, and all other websites that currently use CAPTCHA, need to find a solution that puts them a step ahead of the spammers. This may well be it.
"Day Old Bread" in Spamassassin. (Score:4, Informative)
Re:Doubtful (Score:3, Informative)
> from a single IP address?
No. The spammers control millions of bots. Each new account application is proxied via a different bot.
Re:Not the last nail in the coffin by far... (Score:2, Informative)
- Spam lots of people offering free porn - only catch is they have to prove they're not a bot (wouldn't want those bots to see my exclusive porn)
- When somebody clicks on my link, I immediately go to Gmail, start creating an account, and get their captcha
- I pass this captcha on to my would-be porn viewer
- And pass his answer back to Google - presto, free account
Kitten Auth and every other practical, free, unintrusive solution I have ever heard of can be broken this way as well.
Back in the day, I interned at Google on the Checkout project when it was just starting up. The opinion of their security experts on stopping bots? Only way to do it reliably at account creation time is to demand a valid credit card number or a small payment.
Re:Awesome article (Score:5, Informative)
Re:Anything is better! (Score:2, Informative)
Re:hotmail ? (Score:3, Informative)
I stand by my claim. I don't have recent statistics because I stopped caring a year or two ago, but when those filters went into place, hotmail.com was a major source of spam and other abuses. Also, something in their mail system was broken that caused trouble for mailing lists because they didn't bounce mails properly, but I forgot the details.