Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Evil side economy: $1 for breaking 1000 CAPTCHAs InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Evil side economy: $1 for breaking 1000 CAPTCHAs

Published: 2008-09-09
Last Updated: 2008-09-09 13:21:52 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

You see CAPTCHAs everywhere you turn. Create a gmail account, do a whois that's to yield useful information of a .eu domain, comment on a blog, sign up for a forum, ...

CAPTCHA is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart". It's mostly used to prevent automated registration or activity where we would like humans to participate, but keep the excesses away.

Dancho Danchev blogged about it over at zdnet. It's interesting to read it if you are or are using or are planning to use CAPTCHAs to protect something.

Once they start to employ sweatshops that break these for $ 0.001 a piece, the protection offered by this quickly dwindles to next to nothing. Also the capacity claimed to be available is tremendous. 200,000 CAPTCHAs per day seems something expected by those offering this "service".

Aside of causing the living standard to improve in those places that are cheap enough to have this kind of economy possible, what are you considering to replace your CAPTCHAs with once it gets overrun by this ?

Tell us and we'll summarize.

Swa Frantzen -- Section 66

Keywords: CAPTCHA economy
0 comment(s)
Diary Archives