Is Captcha Secure?

CAPTCHA, which stands for Completely Automated Public Turing Test To Tell Computers and Humans Apart, is used to ward off automated bots/spammers from repeatedly doing the same task.

CAPTCHA is seen as a secure mechanism for preventing comment spam on blogs, blocking repeated website registration, and preventing dictionary attacks. After reading this blog I realized that CAPTCHA cannot be trusted for security. It seems they are pretty easy to exploit. It appears that spammers have now found a way to overcome CAPTCHA systems, and they have created 15,000 bogus Hotmail & Yahoo accounts. So if you are using CAPTCHA to stop automated spammers, reconsider your approach and follow some other security measures. One good method for dealing with the problem would be to use Bayesian filtering, which is considered the most effective spam filter. If you would like to learn more about Bayesian and other spam filtering techniques, do check out this article(s) by Paul Graham.
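A minimal naive Bayes comment filter, sketching the Bayesian filtering approach suggested above. This is an added example, not code from the original post or from Paul Graham's articles; the training comments and the names `BayesFilter`, `tokenize` and `build_filter` are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training comments (label, text); illustrative, not real data.
TRAINING = [
    ("spam", "Buy cheap pills online now http://pills.example"),
    ("spam", "Cheap loans approved now, click http://loans.example"),
    ("spam", "Win money online, click here now"),
    ("ham", "Thanks for the article on spam filtering"),
    ("ham", "The link you provided is quite good, thanks"),
    ("ham", "How secure is a captcha written in PHP?"),
]

def tokenize(text):
    """Lower-case the text and split it into word tokens."""
    return re.findall(r"[a-z0-9']+", text.lower())

class BayesFilter:
    """Multinomial naive Bayes with add-one (Laplace) smoothing."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()

    def train(self, label, text):
        self.docs[label] += 1
        self.words[label].update(tokenize(text))

    def spam_probability(self, text):
        vocab = set(self.words["spam"]) | set(self.words["ham"])
        tokens = [t for t in tokenize(text) if t in vocab]  # skip unseen words
        log_score = {}
        for label, counts in self.words.items():
            denom = sum(counts.values()) + len(vocab)
            score = math.log(self.docs[label] / sum(self.docs.values()))
            for tok in tokens:
                score += math.log((counts[tok] + 1) / denom)
            log_score[label] = score
        # Turn the log-odds into P(spam | text).
        return 1 / (1 + math.exp(log_score["ham"] - log_score["spam"]))

def build_filter(samples=TRAINING):
    f = BayesFilter()
    for label, text in samples:
        f.train(label, text)
    return f
```

A comment made up only of words the filter has never seen scores exactly the class prior (0.5 here), so a deployed filter needs a large, regularly retrained corpus and a moderation queue for mid-range scores.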


6 thoughts on “Is Captcha Secure?”

  1. […] action against spammers, by asking them to enter the code from a Captcha Image (UPDATE:- read this too,), whenever it detects a link in your scrap or message. It also occurs when you scrap someone […]

  2. Ramya says:

    This sounds interesting. The link that you provided for Antispam technique is quite good. Thanks for the information.

  3. […] Hacking ·Tagged Captcha, Gmail, Window Live In one of my previous posts I wrote “Is Captcha Secure“. Now spammers have proved that it's no way secure by hacking Windows Live Captcha used by […]

  4. […] On the related note, sometime back I’ve written a post on “Is Captcha Secure?” […]

  5. BLACK_FETISH says:

    I was wondering how secure my captcha is that I made in PHP.
    HOW IT WORKS: I have about 89 images, each with a single number/character/symbol in them. The captcha (I call it ASG: Automated Script Guard lol) engine generates a random sequence based on a size that I specify. It stores the correct sequence in a Session cookie, but encrypts it first using triple DES. Once the sequence is complete and stored in the Session, it prints each image in a line, based on that sequence (decrypts it first to see what it is). When the user types in the text that they see in the images, their input is encrypted and compared to the encrypted correct sequence, stored in the session. After so many executions (which I can specify by setting a single value in the Database), the Engine will rename every image to a random name, just in case the spammer is trying to memorize the image names. Please E-mail to let me know what you think.

  6. topdaterz says:

    If you go through struggles and decide not to surrender, that is certainly power
