Gawker: valleywag, captcha

Google audio security measure broken, or so we hear

Nicholas Carlson — Fri, 02 May 2008 13:00:00 EDT

The distorted images websites use for logins, known as captchas, or Completely Automated Public Turing test to Tell Computers and Humans Apart, work by distorting a set of numbers and letters in such a way that only humans would recognize them. For blind Internet users, websites use audible captchas, which do the same thing with sound. For a while, both types effectively prevented spammers from registering Gmail addresses with automated scripts. But Russians looking for a little extra cash — about $3 a day — helped crooks break Google's image captchas earlier this year. Now Wintercore Labs says Google's audio captchas are broken too. IDG reports:

There are repeatable patterns evident in the audio file and by applying a set of complex but straightforward processes, a library can be built of the basic signal for each possible character that can appear in the captcha.

Google's Blogger flooded by spammers

Jackson West — Fri, 25 Apr 2008 14:20:00 EDT

Over the last few months, wily spammers may have figured out how to crack the security feature known as "captchas." With an army of compromised Windows PCs known as botnets, they've been using their new power to flood Google's Blogger with spam. Why Blogger?

Likely because of the rumored privilege afforded to it by Google's search algorithm. Blogger blogs appear on the blogspot.com domain, which has high rank in search results, and Google makes it easy to run profitable AdSense text links on the site. That adds up to easy money.Researchers aren't clear if spammers have managed to compromise captchas through automation or simply by employing cheap labor, but if the latter, then even KittenAuth won't be able to stem the tide of spam blogs gaming keywords for clickfraud riches. Your move, Google.

Captcha codes being broken by hand in Russia

Paul Boutin — Thu, 13 Mar 2008 19:20:57 EDT

Captcha codes are designed to be unreadable by computers, only by humans, so they can be used to lock spambots out of websites. But Google and Websense have determined, by analyzing traffic patterns, that captcha codes are being cracked nightly — not by machines, but by third-world employees. Brad Stone at the New York Times blogs that one Russian-language set of instructions for captcha-cracking promises a minimum $3 per day for the work.