reCaptcha Not Fool Proof

Posted on 12/27/2009 in Security, Security Info & Tips

reCaptcha is a technology meant to stop automated bots from creating email and forum accounts that are then used to post and send spam. There are tools that use optical character recognition (OCR) and other methods to break reCAPTCHA, a widely used security measure acquired by Google in September.

There are a couple of free tools capable of breaking captchas, though I will not mention them here. These tools are not 100% accurate, but they are automated so that they run hands-free, creating email and forum accounts for spammers to use at a later time.

Google has denied that the current version of its reCAPTCHA captcha service contains vulnerabilities which make it easier for spammers to guess displayed words using automated scripts.

Jonathan Wilkins, the author of the analysis report, has taken a closer look at the new captchas. The main difference is the lack of the horizontal separator line used in the old captchas. Users now find the words easier to read – but so do machines. “The new version of the puzzle is weaker”, Wilkins told The H’s associates at heise Security. In his tests, Wilkins managed to increase the success rate of conventional text recognition nearly tenfold over the previous version (from 5 out of 200 to 23 out of 100).

The only way for webmasters to stop automated bots from registering new accounts is to moderate every new registration. This is time-consuming, and in most cases webmasters don’t have the time.

To learn more about reCaptcha, visit http://recaptcha.net/.

5 Responses to “reCaptcha Not Fool Proof”

  1. Ajinkya

    Dec 31st, 2009

    This can make spamming more extensible, but I don't think this can be easily hacked; after all, it's of Google. Finally, Akismet will come to rescue ;)

  2. Arafat Hossain Piyada

    Jan 1st, 2010

    This looks terrible, but what can a webmaster do! It’s hard to monitor every registration. Hope the technology will improve and make it hard to read for bots and easy for humans.

    • Frank J

      Jan 1st, 2010

      Arafat,

      We need to check everything that comes our way to ensure that we stay clean from spammers and other security threats.

  3. Apple tablet

    Jan 3rd, 2010

    Why would Google even make something like this? Are they not against spammers? They recode their algorithm to deter spammers.

    • Frank J

      Jan 4th, 2010

      Google didn’t make reCaptcha; they bought it, and I am sure they will improve it.