It has recently emerged that the home-grown CAPTCHA system developed and implemented across Google services has been successfully bypassed.
Speculation had been circulating in security circles for some time as to when this would actually happen, especially with the easy availability of 3rd party tools to bypass other, simpler CAPTCHA tests.
Previously the CATCHA had only been bypassed by manual intervention, IE. the CAPTCHA image is shown to a human who is paid a nominal fee per each CAPTCHA bypassed.
I’ll skip on the technical details for this post but it seems much more complicated than the Live Mail CAPTCHA crack of about a month ago. The company responsible for releasing the find; an American firm responsible for developing web filtering software reckons that the same group is responsible for both attacks.
The effects could be large, Google email addresses are highly prized by spammers and other devious types as they are generally not blocked by most filter software and provide access to other Google services.Tweet