Completely Automated Public Turing test to tell Computers and Humans Apart or CAPTCHA, is a technique being used by Yahoo, Google, Microsoft and other service providers to prevent automated software programs from posing as humans and signing up for new accounts.

CAPTCHA protects websites from bots by presenting text that is easy for humans to read but difficult for automated programs. The first CAPTCHA was invented at the Carnegie Mellon University to be used by Yahoo. CAPTCHA is also being used to prevent comment spam in blogs and prevent dictionary attacks in password systems.

A team of Russian hackers have found a way to read the CAPTCHA with 35% accuracy. The yahoo! CAPTCHA is believed to be one of the most difficult CAPTCHA’s to crack. because it utilizes bended alpha numeric characters and other features you might expect from a strong CAPTCHA, and still it’s easy to solve by humans.

What the Russian hackers had to say about the Yahoo! CAPTCHA:

“It’s not necessary to achieve high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when attacker is able to run 100,000 tries per day, taking into the consideration the price of not automated recognition – one cent per one CAPTCHA.” - which seems a plausible conclusion.

The implementation of yahoo CAPTCHA recognition engine is here . It consists of two projects (client and server).

First project (server) needs MATLAB 2007a Compiler Runtime (MCR) installed. It waits for a connection and receives CAPTCHA, after that it sends recognized CAPTCHA text string back to client.

Client reads jpg-files in test1 directory and sends them one by one to the server located on the same machine. “

Now that hackers are able to read CAPTCHAs, is there a possibility that a “tsunami of spam” is in the offing?

Popularity: 4% [?]