Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security

Security

Microsoft Live Hotmail CAPTCHA - Hacked in 6 Seconds

Websense proves that CAPTCHAs are not so secure anymore

By Bogdan Popa, Security and Search Engines Editor

14th of April 2008, 14:14 GMT

Adjust text size:


Hotmail's CAPTCHA - hacked in 6 seconds..
Enlarge picture
The folks at Websense have managed to prove, once again, that an experienced spammer who attempts to create a large number of Microsoft Live Hotmail accounts
to send spam messages doesn't need more than six seconds in order to bypass the CAPTCHAs. The reports comes after only a few days since several sources confirmed that hackers around the world are willing to hire and pay human workforce in order to enter the visual CAPTCHAs and help them create accounts on several services.

Getting back to the Microsoft Live Hotmail CAPTCHA, Websense's experts estimated that 6 seconds should be enough if a spammer who uses advanced techniques attempts to register multiple accounts on this mail service. Just like previous attacks, a bot starts the browser (usually Internet Explorer), connects to the service, uses a pre-defined list of account names and attempts to bypass the CAPTCHAs. The process may take no longer than six minutes, Websense explains.

"It is observed that unlike Live Mail Anti-CAPTCHA and Gmail Anti-CAPTCHA operations in the past, the current attack is aggressive and instantaneous in terms of CAPTCHA breaking host turn-around time. In the current attack, the response time of CAPTCHA breaking host after grabbing a CAPTCHA image from a victims' machine, analyzing it, and responding back to victims' machine with corresponding CAPTCHA code is relatively lower when compared to previous attacks," the people of Websense explained.

What's worse is that a Windows Live Hotmail may also be used for several purposes, other than sending spam email messages. For instance, the same accounts registered through the method described by Websense, can also be used for connecting to Windows Live Messenger, which means another spamming campaign could be started on the instant messaging application, millions of connected users being vulnerable to such an attack.

TAGS:

 microsoft | hotmail | captcha | security


Rating:
Very Good (4.1/5) 7 vote(s) so far    

Read by 1,412 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Windows Live Hotmail Cracked

Gmail Cracked!

Google: The Return of the Grieving Widow Strikes Back

How Easy Could A CAPTCHA Be Broken ?

The Secrets of Guestbooks

Spammers Need Human Workforce to Solve CAPTCHAs

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive