Ars Technica is reporting that spamboys have now officially cracked the CAPTCHA systems of Windows Live Hotmail and Gmail. Worse, they're able to tear through the average CAPTCHA protection system in less than a minute:
Windows Live Hotmail's Anti-CAPTCHA automatic bot, which hooks itself into Internet Explorer on a victim's machine, has a success rate of about 10-15 percent. That means that it takes up to one minute for a single bot to create a new account.
In one day, the bot can amass at least 1,440 accounts. And that's just one bot. This same bot can then send spam to multiple e-mail addresses (using both CC and BCC lists) continuously, switching between accounts (both in the from: and to: fields) in order to lower the chance of being spotted.
Meanwhile, it takes me, an actual human being, upwards of ten minutes to analyze and crypto-decipher the average CAPTCHA, all the while screaming "What kind of moon-man frickin' Cylon do you have to be to read this thing?"
But, really, what's the alternative here? On my other blog, we weed out spam with a simple text question system (ex: "What is the color of the yellow snow?") but I don't doubt that this utterly simple scheme would quickly fall apart if spammers were actually trying to dissect it. How do you suss out a human with 100% infallibility?
Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA [Ars Technica]