Russian hackers decode Yahoo!'s captcha

ThraxThrax 🐌Austin, TX Icrontian
edited January 2008 in Science & Tech
The captcha: An image that contains a <i>picture</i> of letters or numbers, generated at random, that a user must type into a box to continue.

[figure align=right]captcha.jpg[/figure]
Most internet registrations now boast a captcha, long thought to be a sure-fire way to foil spambots and other automated registrants. Russian hackers, however, have devised a way to accurately guess the captcha with up to 35% accuracy. With the ability to process thousands of attempts per minute, the practical 100,000:1 odds of finding a success really isn't all that slim.

Comments

  • LeonardoLeonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited January 2008
    So, what will be the counterstep? More sophisticated captchas. Some of them are already difficult enough that I sometimes need two or three tries at some sites I log into.
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited January 2008
    The counter to the captcha is to use a question that cannot be answered by a bot. A simple fill-in-the-blank type of thing. Keebs instituted something like that for IC. Not sure if we're still using it tho'.
  • yaggayagga Havn't you heard? ... New
    edited January 2008
    Yeah, I hate them. Can we have an end to them once and for all? Then them Russians wasted all their precious time on a worthless cause, hehe...

    umm.. and I sometimes need several attempts as well, sometimes don't notice them, and don't get me started on ones so poorly designed that they use every lower case letter, upper case letter, and number so that a whole bunch of the digits end up looking identical.
  • RWBRWB Icrontian
    edited January 2008
    There have been captcha's that I could read but couldn't get right due to capitalization or mixing up o's with 0's. I think if they went with Hex it wouldn't be as big of a deal for those of us who know a 0 from a O in terms of hex if you get my point(there is no 'O'). Still I recall a blog a while back I didn't agree with initially that said that you shouldn't use these extreme measures becuase you're punishing the user to stop the spammer. One thing I like is the simple random question thing I see popping up that asks if you are human or if you are a robot or something else that is easy to answer. Although it's annoying when they mix the random question with the captcha you have to keep trying on which you don't realize the question is random so when you mess up the captcha you might get it right the second time but you answered the random question the same way you did the last time and gotta do it all over again.... PLUS adding in other annoyances like having to retype your password twice, and any other item you gotta retype all over again. God forbid you make one more mistake.

    This is why I don't register for things anymore, I am so sick of it and leave it to only when I really really really need something.
  • LincLinc Owner Detroit Icrontian
    edited January 2008
    Yes, we still use the question. Our random question is the sequence 1, 2, 3, 4 and one of the numbers is missing and you need to fill it in. Between that, the CAPTCHA, and the IsBot, there's 0 bots getting through.
  • GnomeQueenGnomeQueen The Lulz Queen Mountain Dew Mouth Icrontian
    edited January 2008
    That's what you think. I'm actually a bot. U BUY PLAT NOW!!1111!11111111ONEHUNDRED!!1111
Sign In or Register to comment.