Open source software security

Captcha Cracking

30 November -0001

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used verification system that forces users to look at images of obscured text and enter the text into a field. This system was designed to defeat automated computer based systems that were often used by spammers to set up bogus accounts or send spam. The idea was that the images weren't machine readable and Optical Character Recognition (OCR) technology wouldn't be able to decipher the image thereby defeating automated tools that spammers used. This raised the bar significantly for spammers. Many turned to micro payments, enlisting humans to decipher CAPTCHA code for a small fee. This isn't nearly as effective as using a computer though and both academic researchers and spammers alike have been searching for programmatic ways to defeat CAPTCHA, even as the technology evolves. Network Security Research ( has published a new paper that details some of the ways CAPTCHA can be defeated and points out that although CAPTCHA has raised the bar, it certainly hasn't made programmatic attacks on this type of deterrent possible.