Easy like Sunday morning
Computer-assisted tools and crowd sourcing can easily bypass traditional anti-spam solutions, according to insecurity outfit Imperva. In its June Hacker Intelligence report, “A CAPTCHA in the Rye” the company said that the Completely Automated Public Turing test used to tell Computers and Humans Apart is too easy to bypass.
Amichai Shulman, CTO, at Imperva said that CAPTCHA security, like many other security segments, is a battle of innovation between hackers and security professionals. “CAPTCHA security must be balanced against a positive user experience, but can readily be improved by deploying anti-automation solutions to help prevent hackers from employing anti-CAPTCHA tools,” he said.
Imperva highlights two main approaches hackers take to solve CAPTCHAs. The first are computer-assisted tools based on Optical Character Recognition or Machine Learning technologies and crowdsourcing CAPTCHA solving to third-party agents. Imperva analysed a series of case studies focused on bypassing CAPTCHAs to identify common trends, such as incomplete browser headers and high rate requests per minute.
All up it looks like the annoying technology is falling behind. Probably because real humans can't read what the jumbled words are supposed to be saying either.