Sunday, March 02, 2008
Spammers have started circumventing the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) system used by Google’s email service, Gmail. The Gmail-CAPTCHA attack is quite complicated since it uses two compromised hosts in its attempts to break into the Google CAPTCHA system. The first host attempts to extract a copy of the CAPTCHA image in bitmap format then attempts to break the code. In case it fails, a second host uses the same image, but breaks it down into segments then sends it as a portable image or graphic file. Segmentation is the only task where humans still outperform bots, but it is steadily gaining attention and focus among spammers and bot herders. The popularity of Google makes it difficult to track spammers among the millions of users across the globe. This further makes Google’s domains highly unlikely to get blacklisted. Although breaking the Google CAPTCHA is of a very low percentage as of yet, I cannot deny that it works. We can expect more innovations in the future, and far more effective and creative ways of dealing with bots should definitely be in the to-do lists of email service providers as well.
<< Home