In a previous post, I wrote about my CAPTCHA plugin for blog publishing system. In that post, I was writing about how Microsoft and Yahoo had their CAPTCHA busted in the recents days. It seems like Google is not doing much better or that people are getting better at writing their own character recognition software.
According to this detailed article by Websense Security Labs, Google with his Gmail service has been the target of some spammers in order to create a massive amount of email accounts to be later used as spam vector. As with most free email account providers, they protect their account creation form with a CAPTCHA. It is now down. Here is what can been seen on the account creation form.
Sorry, there seems to be a problem. The service you’re looking for is temporarily unavailable. We’re working hard to restore your access as soon as possible. Please try again in a few hours. Thanks for your patience.
Google CAPTCHAs look like this:
Their CAPTCHAs are considered quite good but it seems like the bad guys are able to have a recognition rate of 20%. It does not seems quite big but it is when you have some automation behind your evil deeds. If you have a bot network that is able to try the account creation form 10 times each second, you can create about 2 accounts per second.
What is also interesting to me is that the bad guys are layering their services. There are some who provide the CAPTCHA breaking service for a fee and others who use their bot network to do the massive try game. We are definitely in the age of services.
Comments 2
Why should I have to cope with difficult to read character recognition tests to send a Yahoo email when I don’t for gmail or aol?
Posted 29 Mar 2009 at 11:43 am ¶Hello Sparky,
I am not a Yahoo mail user. So I cannot verify this. However, the intent of using a CAPTCHA, some difficult to read character recognition test, is to differentiate you from potential automated software. Since it is relatively hard for automated programs to figure out those characters, my guess is that Yahoo feel like it will reduce spam sent from their users using this technique.
Posted 30 Mar 2009 at 1:04 am ¶Trackbacks & Pingbacks 3
[...] Moffat Mathews wrote an interesting post today onHere’s a quick excerptIn a previous post, I wrote about my CAPTCHA plugin for blog publishing system. In that post, I was writing about how Microsoft and Yahoo had their CAPTCHA busted in the recents days. It seems like Google is not doing much better or … [...]
[...] http://www.newsnet14.com wrote an interesting post today onHere’s a quick excerpt In a previous post, I wrote about my CAPTCHA plugin for blog publishing system. In that post, I was writing about how Microsoft and Yahoo had their CAPTCHA busted in the recents days. It seems like Google is not doing much better or that people are getting better at writing their own character recognition software. According to this detailed article by Websense Security Labs, Google with his Gmail service has been the target of some spammers in order to create a massive amount of email account [...]
[...] have you seen this wrote an interesting post today onHere’s a quick excerptIn a previous post, I wrote about my CAPTCHA plugin for blog publishing system. In that post, I was writing about how Microsoft and Yahoo had their CAPTCHA busted in the recents days. It seems like Google is not doing much better or … [...]
Post a Comment