CAPTCHA System Penetrated, Cyber Security Have to Face a New Challenge

Researchers have figured out how to crack captchas, making it possible to launch automated attacks against sites such as Microsoft, eBay and Digg where opening phony accounts could be turned into cash. Software written by researchers at Stanford University and Tulane University can interpret human speech well enough to crack audio captchas between 1.5% and 89% of the time - often enough to make sites that use them vulnerable to setting up false user accounts, the researchers say.

Called Decaptcha, the program was able to decode Microsoft's audio captchas about half the time. It cracked the toughest audio captcha from reCAPTCHA just 1.5% of the time and's audio captchas 89% of the time. It solved eBay audio captchas 82% of the time, Microsoft 48.9% of the time, Yahoo 45.5% of the time and 42% of the time for Digg, say the researchers, headed up by Elie Bursztein, a post-doctoral researcher at Stanford.

According to the Researchers Group the compromised captchas are:-
• The math captcha
• The geometric captcha
• The drag and drop captcha
• The sexy captcha
• The cute captcha
• The audio captcha