List of Resources: Breaking CAPTCHA

“For any technology with a percentage market penetration of X, protecting a benefit/resource with a relative worth of Y, and possessing a relative security strength of Z, the probability that said technology will eventually be compromised is X + Y.”
Brian Huisman

Below is a list of resources I dug up that illustrate that CAPTCHA isn’t the security silver bullet people think they are. Included below are news stories as well as direct links to software and services to bypass CAPTCHA. I include these not as an endorsement of these products and services but to show how easy it is for someone to find & purchase such things. Some of these are out of date. Some of the methods discussed may no longer work. The point is, however, that there is a constant battle going on against bad guys who want to gain illegitimate access to others’ systems and that CAPTCHA is not an instant cure.

  1. Breaking a Visual CAPTCHA
  2. Breaking CAPTCHA without OCR
  3. Breaking the Paypal.com CAPTCHA
  4. Breaking e-banking CAPTCHAS
  5. Breaking the ASP Security Image Generator
  6. PWNtcha – CAPTCHA Decoder
  7. aiCaptcha – Using AI to beat CAPTCHA and post comment spam
  8. Arstechnica – Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA
  9. Slashdot – Yahoo CAPTCHA Hacked
  10. Slashdot Gmail CAPTCHA Cracked
  11. Slashdot – Google’s Audio CAPTCHA Falls to Automated Attack
  12. Computerworld – How CAPTCHA got trashed
  13. How Spam is Improving AI discusses that even photo-based CAPTCHA is being cracked
  14. Spammers’ bot cracks Microsoft’s CAPTCHA: (possibly reporting duplicate info from #8)
  15. NY Times: Spammers Pay Others to Answer Security Tests
  16. BeatCAPTCHAS.com – a service which solves CAPTCHAs for you at a rate of $8.00 per 1000 CAPTCHAs solved
  17. CAPTCHA Cracker site which sells a program to beat CAPTCHAs
  18. CAPTCHA Sniper program to solve CAPTCHAs
  19. Decaptcha beats CAPTCHAs
  20. Death By CAPTCHA (bypass service, has API for use. $1.39 for 1000 solved CAPTCHAs
  21. Stanford researchers crack CAPTCHA codes
  22. Decaptcha: Breaking 75% of eBay audio CAPTCHAs
  23. Breaking Weak CAPTCHA in 26 Lines of Code
  24. Machine Learning Attacks Against the Asirra CAPTCHA
  25. PC Mag: Deep-Sixing CAPTCHA
  26. Breaking CAPTCHA with automated humans
  27. Breaking Audio CAPTCHAs [PDF]
  28. Computerworld.com: Repetition Breaks Google Audio CAPTCHA
If you are interested in learning about the next generation in Web Accessibility Testing, sign up for the release of Tenon.io
If you or your organization need help with accessibility consulting, strategy, or accessible web development, email me directly at karl@karlgroves.com or call me at +1 443-875-7343. Download Resume [MS Word]

9 Trackbacks

Post a Comment