Feb 2009 article regarding automated attacks on CAPTCHAs:  CAPTCHA Conundrum: Automated Attacks Trump Human-Entry Defenses:  http://www.bmighty.com/blog/main/archives/2009/02/captcha_cnondru.html?queryText=anti-spam

From April 2008: “Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA needing only six seconds per attempt, and with a success rate of 10-15 percent, new anti-CAPTCHA bots are dismantling fraud protection systems at Gmail and Windows Live Hotmail, and they are flooding the tubes with spam. Is CAPTCHA finished?”  http://arstechnica.com/security/news/2008/04/gone-in-60-seconds-spambot-cracks-livehotmail-captcha.ars

Post on attack on Yahoo’s CAPTCHA indicating an automated attack of 35% accuracy and claiming that 15% is enough to prove more economical than paying for a human network to manually enter CAPTCHAs:  http://it.slashdot.org/it/08/01/30/0037254.shtml?tid=172

Detailed Feb 2008 article showing a CAPTCHA defeating attack on Gmail signup:  http://securitylabs.websense.com/content/Blogs/2919.aspx

=======================================

Other links of interest:

Schneier article with various links, many of which are below on CAPTCHAs:  http://www.schneier.com/blog/archives/2007/12/defeating_captc.html

WSJ article from 2007 on TicketMaster’s problems deploying a useful CAPTCHA: http://www.codinghorror.com/blog/archives/001001.html

Thinking of CAPTCHA paper looking at issues around CAPTCHA design and defeat-ability including costs of hiring humans to read.  http://www.ocr-research.org.ua/thinking.html

The economics of CAPTCHA assault / defeat in blog spam.  Imagine hwo much more the economics work in getting identity or bank account information / access?  http://nweaver.blogspot.com/2007/12/comment-spam-is-worth-real-money_1124.html

Spammers Using Porn to Break Captchas:  Show people porn pix in exchange for them filling out CAPTCHA fields for you against your site of choice.  Really, really cheap.  Remember the old new saying, “the internet is made of porn”.  ttp://www.schneier.com/blog/archives/2007/11/spammers_using.html

A site that uses math questions to check for “humanity” vs. machineness:  http://random.irb.hr/signup.php

  • Share/Bookmark