Yahoo CAPTCHA Hacked 252
Hell Yeah! reminds us of a 2-week-old development that somehow escaped notice here. A team of Russian hackers has found a way to decipher a Yahoo CAPTCHA, thought to be one of the most difficult, with 35% accuracy. The Russian group's notice, posted by one "John Wane," is dated January 16. This site hosts a rapidshare link to what looks to be demonstration software for Windows, and quotes the Russian researchers: "It's not necessary to achieve high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when attacker is able to run 100,000 tries per day, taking into the consideration the price of not automated recognition — one cent per one CAPTCHA."
Not really news (Score:5, Insightful)
Given the current situation of the chat rooms on yahoo, it comes as no suprise at all that the other parts of the Yahoo system are inadequately protected from bots either.
Re:Gentlemen, start your spambots (Score:4, Insightful)
To register, answer these questions and click the button on the right
What colour are buses in London?
What is three times three?
[Red] [Green] [Blue]
That's really impressive. (Score:5, Insightful)
Lets all say it togeter. (Score:2, Insightful)
Re:Gentlemen, start your spambots (Score:5, Insightful)
What colour are buses in London?
What is three times three?
[Red] [Green] [Blue]
Yes, those are undoubtedly hard questions for a computer. How, exactly, do you plan to generate billions of these questions? For a CAPTCHA to work, it must still be hard even if the generation algorithm is public knowledge.
Re:Gentlemen, start your spambots (Score:4, Insightful)
Re:I thought those things were already broken (Score:5, Insightful)
Warning on playing with the demo (Score:5, Insightful)
Re:I thought those things were already broken (Score:3, Insightful)
Re:35%??? (Score:4, Insightful)
It is sad because with corrective lenses, my vision is 20/20, and I'm highly technical. I should not have any problems with CAPTCHAs; However, my grandmother is another story. She has poor vision, can't figure out how to do a carriage return on her computer, has difficulty understanding the concept of scrollbars, and I'm sure would not be able to deal with even the easiest CAPTCHAs in use today. This is not usability. Granted, given the choice between SPAM or CAPTCHAs, I'll chose the lesser of the two evils...
Re:Gentlemen, start your spambots (Score:3, Insightful)
Lease time on a botnet... (Score:2, Insightful)
Gee, Ya THINK (Score:4, Insightful)
So what's the answer?
I'm sure I don't know. I do know that the wild west theory of accepting any kind of behaviour isn't acceptable. I know that some minimum standard of what's allowed and what isn't is going to have to take place. Where these limits are placed is a thing for a global conversation, and there will be differances of opinion.
Is cracking a captcha acceptalbe? Is phishing and identity theft acceptable? Is fraud and uncontrolled spam acceptable? What limits, and on what actions?
I'm just not that smart. But I think we can agree on a few things. Let's start to find out what those things are... and acting in concert with other network operators to enforce those standards. Fail to meet them, and your network routing gets dropped...
Re:Gentlemen, start your spambots (Score:5, Insightful)
That's true. I've found, however, that introducing custom spam blocking methods, such as this, no matter how easy to break, often does a better job at stopping spam bots than more robust publicly available methods. For a target as big as Yahoo, this probably won't work, but I've found on PHPbb for instance, instead of using any of the publicly available captchas, which are easily defeated by bots, creating a simple question of this sort does wonders for bot-blocking. Even if it's just one question. If your site isn't big enough to be specifically targeted by bot farmers, sometimes a simple solution is better than a more complex one that everybody else is using.
Re:Random Coloration Photos (Score:4, Insightful)
Re:Not really news (Score:2, Insightful)
Re:Random Coloration Photos (Score:3, Insightful)