Researcher 'cracks' Yahoo anti-scam feature

CAPTCHA has been effectively cracked

A security researcher has claimed that Yahoo's system for blocking automated access to its systems - the CAPTCHA image-recognition system - has been effectively cracked.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) systems are used by Yahoo, as well as Google, Microsoft and others, to stop automated systems from registering web-based email accounts, filling blog comments sections with spam and guessing passwords.

The systems typically present users with a series of characters that can be deciphered by humans, but not by image-recognition software.

Various implementations of automated CAPTCHA-cracking software have been developed, largely by spammers, but Yahoo's CAPTCHA system so far has been ranked as one of the toughest to crack.

For example, several websites selling CAPTCHA cracks for sites such as eBay said Yahoo's system was next to impossible to decode.

This week, however, a programmer using the pseudonym "John Wane" and claiming to be a Russian security researcher posted code for a decoder system which he said can attain an accuracy rate of about 35 percent.

The researcher said Yahoo had been notified about the problem but had not responded.

The decoder could be used by spammers to, for instance, register Yahoo email accounts for spam purposes or to break through anti-spam features, the researcher said.

"It's not necessary to achieve a high degree of accuracy when designing automated recognition software," he wrote. "An accuracy of 15 percent is enough when attacker is able to run 100,000 tries per day."

In a statement, Yahoo said it is aware of attempts being made toward automated solutions for CAPTCHA images, and is working on improvements to the system and other defenses.

Last year spammers used a virtual stripper as bait to dupe people into helping criminals crack CAPTCHA codes.

Security researchers warned that a series of photographs shows "Melissa" - no relation to the 1999 worm by the same name - with progressively fewer clothes and more skin each time the user correctly enters the characters in an accompanying CAPTCHA code.

Forrester said recently that spammers are increasingly using artificial intelligence tactics to get their junk delivered to email users.

The booming image spam pandemic is merely the tip of the iceberg when it comes to spammers' use of AI, Forrester said.

The only way to prevent a repeat of the image spam surge as new models using AI come to light, Forrester analysts said, will be for technology vendors and their customers to abandon the current filtering-heavy approach and instead battle the roots of the problem.

Matthew Broersma

Techworld.com