Ars Technica has a story by Ken Fisher about a recent trend of sites blocking or throttling gmail due to spam originating from gmail servers. This may be a result of gmail's CAPTCHA being defeated.
http://arstechnica.com/news.ars/post/20080406-gmail-being-throttled-blocked-by-some-anti-spam-vendors.html |
seems that http://www.captchakiller.com/ is a tool that can be reversed engineered |
How can you say a captcha is defeated when all they do is redirect the captcha so a human can answer it?? |
The description I read about how it was "defeated" didn't say anything about redirecting it to a human. Jacqui Cheng wrote in a February Ars Technica article, "... crack the CAPTCHA and have bots do all the work." Websense has a more detailed description of how this works.
http://securitylabs.websense.com/content/Blogs/2919.aspx
That description does not appear to me like it relies on humans evaluating the CAPTCHAs. If it uses humans why is the success rate so low?
http://arstechnica.com/news.ars/post/20080226-gotcha-captcha-gmail-bot-detector-system-cracked.html?rel http://blogoscoped.com/forum/124791.html
Even if humans were evaluating each CAPTCHA, the point of this thread is that spam is being sent from what appears to be gmail servers and the response is that gmail is being blocked and throttled.
|