Yahoo CAPTCHA Hacked
Hell Yeah! reminds us of a 2-week-old development that somehow escaped notice here. A team of Russian hackers has found a way to decipher a Yahoo CAPTCHA, thought to be one of the most difficult, with 35% accuracy. The Russian group's notice, posted by one "John Wane," is dated January 16. This site hosts a rapidshare link to what looks to be demonstration software for Windows, and quotes the Russian researchers: "It's not necessary to achieve high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when attacker is able to run 100,000 tries per day, taking into the consideration the price of not automated recognition — one cent per one CAPTCHA."
Only Yahoo? (Score:5, Informative)
Also, Yahoo captchas aren't that "hard" - they are black text from known font pools on a white background that get slightly warped and have black lines drawn on some characters. This is hardly strong since it doesn't hit all letters within the word (which is done by reCAPTCHA) or use a large font-pool variety.
Even the Slashdot Captcha is harder - it hits the whole image and uses different fonts within the word.
Re:captcha security (Score:2, Informative)
Re:captcha security (Score:4, Informative)
35%??? (Score:4, Informative)
Re:captcha security (Score:5, Informative)
Hence all good modern captchas have moved away from character recognition captchas (such as yours) to segmentation-based captchas. You only need to read the Wikipedia article on CAPTCHAs to see some examples: http://en.wikipedia.org/wiki/Captcha.
Re:I thought those things were already broken (Score:4, Informative)
Here is a link to a BBC article about something like that. It's a Windows program that rewards typing in captchas by showing a woman that takes off progressively more and more clothes.
Re:I thought those things were already broken (Score:3, Informative)
Yahoo fails even with captcha (Score:2, Informative)
What about accessibility (Score:2, Informative)
With advocacy groups like the National Federation of the Blind suing Target for their inaccessible website, it'll be a very tough challenge to develop new good captchas while maintaining accessibility to everyone.
On another note, could an organization representing the mathematically challenged sue companies using math captchas?
Re:Gentlemen, start your spambots (Score:3, Informative)
Re:I thought those things were already broken (Score:4, Informative)
I don't know exactly how large porn images are, never having looked at them, but if you guess a round number of 0.1 MB per picture, it's only about $0.0001, or 0.01 cent per captcha. I suppose it's better than nothing, but it's not yet very cost-prohibitive.
What about i18n? (Score:3, Informative)