
R.I.P. CAPTCHAs: Gmail, Hotmail, Etc...

XRumer was recently released, putting another nail in the CAPTCHA coffin.

"The decline in CAPTCHA efficacy has been an ongoing story in 2008, as hackers and malware authors have steadily found ways to chip away at the protection these security practices were once thought to offer. Now, new findings indicate that both Gmail and Windows Live Hotmail have been compromised again, this time via a more-streamlined attack process. With two of the largest webmail providers once again vulnerable, CAPTCHAs clearly aren't meeting the security needs of either company, and it may be time to reevaluate the use of them altogether." - arstechnica

There are some details on XRumer at aghu.

"XRumer is a Windows program that posts forum, blog, private message, and guestbook spam with the aim of boosting search engine rankings. It is able to bypass techniques commonly used by many websites to deter automated spam, such as account registration, CAPTCHAs, and e-mail activation before posting, however the older versions still had trouble with 'fancier' CAPTCHA. Not anymore.

This time those evil Russian bastards have not only managed to crack Google's captcha, but they've also figured out how to beat those horrible 'click on the cutest cat' style CAPTCHA tests. It's amazing!" - aghu.st

Read more: http://arstechnica.com/news.ars/post/20081002-right-back-at-ya-captcha-bad-guys-crack-gmail-hotmail.html
Xrumer Features: http://agha.st/2008/10/xrumer-50a---google-captcha-cracked.php

