How Hackers Listened Their Way Around Google's Recaptcha 101
An anonymous reader writes with this story at Ars Technica: "Three self-taught hackers from the DC949 hacker collective managed to use a combination of techniques to beat ReCaptcha with 99.1% accuracy (better than most humans!)" In short, the hackers skipped the visual part of the Recaptcha system entirely, focusing on the audio alternative, which gave them a few convenient angles of attack. Google responded with changes to the system, but that doesn't minimize their accomplishment.
Another solution.. (Score:5, Informative)
Most of the spammers who circumvent captcha's use real people to fill in their captcha's for them. How they do it:
1) A pay-per-filled-in-captcha site (where members solve captcha's, not really getting paid eventhough they think they will be) OR a high traffic site (false/scam sites, hacked sites, etc)
2) Mirror the image from the site you want to spam to your own site
3) A person visits your own site with the mirrored image and solves the captcha
4) Mirror the answer back to the site you want to spam
5) ???
6) Profit! (literally)
Re:How far behind were the criminals/spammers? (Score:5, Informative)
Re:How far behind were the criminals/spammers?
At about 75%, from what I read on the black hat forums.
There's a whole social spam ecosystem out there now, with tools and services for spamming Facebook, Twitter, Instagram, Google+, Yelp, Tumblr, Youtube, random blogs, and for retro types, Myspace. It's not just a few people doing this. It's an industry with a supply chain. Read my "Social is bad for search, and search is bad for social" [sitetruth.com] paper for an overview. If it feeds into Google search rankings, it's being spammed.