Microsoft’s CAPTCHA Torn Apart
Jeff Yan and Ahmad Salah El Ahmad of the School of Computing Science, Newcastle University, England, recently demonstrated in a research paper how they managed to attack the Microsoft CAPTCHA used on several of Microsoft’s online services, such as Hotmail and Windows Live, with a recognition rate of over 92%.
You can read their research paper, “A Low-cost Attack on a Microsoft CAPTCHA”, which clearly shows how vulnerable CAPTCHA has been since 2007, as spammer attacks have grown tremendously.
Excerpt from their research paper:
In this paper, we analyse the security of a text-based CAPTCHA designed by Microsoft and deployed for years at many of their online services including Hotmail, MSN and Windows Live. This scheme was designed to be segmentation-resistant, and it has been well studied and tuned by its designers over the years. However, our simple attack has achieved a segmentation success rate of higher than 90% against this scheme. It took ~80 ms for our attack to completely segment a challenge on a desktop computer with a 1.86 GHz Intel Core 2 CPU and 2 GB RAM. As a result, we estimate that this Microsoft scheme can be broken with an overall (segmentation and then recognition) success rate of more than 60%. On the contrary, its design goal was that “automatic scripts should not be more successful than 1 in 10,000” attempts (i.e. a success rate of 0.01%). For the first time, we show that a CAPTCHA that is carefully designed to be segmentation-resistant is vulnerable to novel but simple attacks. Our results show that it is not a trivial task to design a CAPTCHA scheme that is both usable and robust.
For more, read the research paper.
All these recent CAPTCHA problems show how vulnerable CAPTCHA has become. Helpful for some time, this anti-spam method has now become really easy for hackers to defeat. Security should be tightened and more anti-spam techniques should be implemented, or the Internet will be filled with spammers.
via ZDNet