CAPTCHA (Completely Automated Turing Test To Tell Computers and Humans Apart) is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. For example, humans can read distorted text such as the one shown below, but current computer programs can’t:
The Yahoo! CAPTCHA, despite being the most difficult CAPTCHA to crack, proved vulnerable to a team of Russian hackers who found a way to read it with 35% accuracy. The Yahoo! CAPTCHA uses bent alphanumeric characters and other features that one might expect from a strong CAPTCHA, while remaining recognizable by humans.
This is what the hackers said about Yahoo! CAPTCHA:
The CAPTCHA has a vulnerability we’ll discuss later. It’s not necessary to achieve a high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when an attacker is able to run 100.000 tries per day, taking into consideration the price of non-automated recognition – one cent per one CAPTCHA.
This is an alarming issue for everybody. This kind of vulnerability will allow more email accounts to be registered automatically, and those accounts can be used for phishing, spam and fraud. This will clearly have a great negative impact on the online community and businesses. They must find new ways to improve CAPTCHA. Maybe we’ll be seeing some form of evolution in CAPTCHA; what are those billion dollar companies paying their programmers and developers for anyway? If this is not resolved quickly, we can expect automated online businesses, blogs, and any site that utilizes CAPTCHA to have to take the extra effort of checking their comments and transactions manually to make sure that they are safe from spam.