Cool new CAPTCHA hack
The CAPTCHA Project at CMU defines a CAPTCHA as a program that can generate and grade tests that most humans can pass but current computer programs cannot. CAPTCHAs are used to protect things from programmatic abuse (think spam). Not a bad idea, but I just got a note from Bryce Jasmer describing a cool new way to defeat them:
I just heard a story about some system that someone has created in order to pass the Turing tests and create thousands of spam-launching email addresses at hotmail.com, yahoo.com, etc.
You create a website with a bunch of porn on it. You serve up an image at the same time you try to create a Yahoo email account. You snag the Turing test image, put it on your page of porn and have the user type in the results in order to see the next porn image. You take the result and feed it back to Yahoo, and you have your automatically created account.


6 Comments:
That won't work
As a result you get an image with unreadable characters and you need to guess 10 times to pass.
This is great work, don't you think so?
Lol, if only things happened that quick
Never say never; you will eventually only be proved wrong.
These captcha words can be easily hacked; here is an article which describes how it can be done:
http://j2ee-now.blogspot.com/2008/03/captcha-hack-part-1.html
As a matter of fact, it will work... Assuming that Yahoo doesn't use expiration timers, and even if they did, a lot of the user typed captchas would make it in time if the porn site was popular enough. The code is simple...
The program does all the work filling everything in on the Yahoo sign-up form, once it runs into the Captcha, it can simply download that image from the corresponding page, and upload it to a server then kick back and scan a file every (5 seconds?) and wait for that file to be filled with a (x digit number), the PHP page on the server simply has to create a 'fake' form asking for a 'captcha' to view the next image, once they enter the captcha, the PHP can write that input number to the file that the script is watching, once the script sees the file isn't empty, it reads the file, and puts that text into its current captcha...
GENIUS!
You are seriously a genius man...