Filed in archive
Spam News
by Sue Walsh on May 31, 2008
Researchers at the School of Computing Science, Newcastle University, Englandm, have announced they've successfully cracked Microsoft's CAPTCHA system, which is used on services like Windows Live and Hotmail. The researchers claim an amazing 92% recognition rate. Here is a summary of the paper they published on their study:
This is not the first time a CAPTCHA system has been cracked. Both Google and Yahoo have had their systems breached as well. This latest successful crack is just another sure sign that CAPTCHA's time is done and a better system is sorely needed!
In this paper, we analyse the security of a text-based CAPTCHA designed by Microsoft and deployed for years at many of their online services including Hotmail, MSN and Windows Live. This scheme was designed to be segmentation-resistant, and it has been well studied and tuned by its designers over the years. However, our simple attack has achieved a segmentation success rate of higher than 90% against this scheme. It took ~80 ms for our attack to completely segment a challenge on a desktop computer with a 1.86 GHz Intel Core 2 CPU and 2 GB RAM. As a result, we estimate that this Microsoft scheme can be broken with an overall (segmentation and then recognition) success rate of more than 60%. On the contrary, its design goal was that "automatic scripts should not be more successful than 1 in 10,000″ attempts (i.e. a success rate of 0.01%). For the first time, we show that a CAPTCHA that is carefully designed to be segmentation-resistant is vulnerable to novel but simple attacks. Our results show that it is not a trivial task to design a CAPTCHA scheme that is both usable and robust.
This is not the first time a CAPTCHA system has been cracked. Both Google and Yahoo have had their systems breached as well. This latest successful crack is just another sure sign that CAPTCHA's time is done and a better system is sorely needed!
Permalink: Microsoft's CAPTCHA Successfully Cracked
Tags:
spam
antispam
spammers
CAPTCHA
microsoft
phishing
internet
security
captcha
successfully+cracked
Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/125155
Mr Wong
Vote for Microsoft's CAPTCHA Successfully Cracked:
|
Rating: 7.00 out of 1 vote(s) cast.
|
Subscribe
Use the search to look for other interesting posts
| RSS | See all blog subscribe options |
|
What is RSS? | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Newsletter | |
| Follow us on Twitter! |







