In a programmer’s mind

In a previous post, I wrote about my CAPTCHA plugin for blog publishing system. In that post, I was writing about how Microsoft and Yahoo had their CAPTCHA busted in the recents days. It seems like Google is not doing much better or that people are getting better at writing their own character recognition software.

According to this detailed article by Websense Security Labs, Google with his Gmail service has been the target of some spammers in order to create a massive amount of email accounts to be later used as spam vector. As with most free email account providers, they protect their account creation form with a CAPTCHA. It is now down. Here is what can been seen on the account creation form.

Sorry, there seems to be a problem. The service you’re looking for is temporarily unavailable. We’re working hard to restore your access as soon as possible. Please try again in a few hours. Thanks for your patience.

Google CAPTCHAs look like this:

Their CAPTCHAs are considered quite good but it seems like the bad guys are able to have a recognition rate of 20%. It does not seems quite big but it is when you have some automation behind your evil deeds. If you have a bot network that is able to try the account creation form 10 times each second, you can create about 2 accounts per second.

What is also interesting to me is that the bad guys are layering their services. There are some who provide the CAPTCHA breaking service for a fee and others who use their bot network to do the massive try game. We are definitely in the age of services.