"Captcha (Completely Automated Public Turing test to tell Computers and
Humans Apart) challenge-response systems, which are used to prevent
accounts being created until a user correctly identifies letters in an
image, are designed to ensure requests are made by a human rather than
an automated program. The technique has been used to defeat automatic
sign-ups to email accounts by services including Yahoo! Mail and Gmail
for years, and hackers are increasingly successful in defeating the
approach. For example, the HotLan Trojan has created more than 500,000
spam email accounts with Hotmail, Yahoo! and Gmail since its arrival
back in July 2007.

Websense reckons the latest Gmail Captcha hack is the most
sophisticated it has seen to date. Unlike Live Mail Captcha breaking,
which involved just one zombie host doing the entire job, the Gmail
breaking process involves two compromised hosts. Each of the two
compromised hosts applies a slightly different technique to analyzing
Captcha, as explained in a posting by Websense.

Even using the two techniques, only one in every five
Captcha-breaking requests are successful. It's a fairly low percentage,
but one that's still more than workable in the case of automated
attacks."

Article Link: http://www.theregister.co.uk/2008/02/25/gmail_captcha_crack/