Friday, February 20, 2009

Break CAPTCHA of AOL Mail and eBay. Crack success rate 10 ~ 15%

I implemented a Java program that can recognize AOL Mail's CAPTCHA with a success rate of 1 ~ 2%. Though not high, it is still high enough to threaten their system.
I also implemented a Java program that can recognize the ebay.com CAPTCHA with a success rate of 10 ~ 15%. This success rate is high enough to claim that their CAPTCHA is insecure.
Given that I implemented these attacks only for the purpose of our security course study, I will neither publicize my source code nor do something harmful to their websites, because I'm a student, not a spammer. But I just want to warn those two companies that their CAPTCHA systems are not strong enough. We can claim that CAPTCHA for AOL Mail is broken, and CAPTCHA for eBay is also broken.

Based on my study, I found that GMail's CAPTCHA, reCAPTCHA, Hotmail's CAPTCHA are relatively more secure. GMail's CAPTCHA seems strongest. reCAPTCHA and Hotmail's CAPTCHA are somewhat secure. But I will try to see how difficult it is to break them.

Don't expect to get any of my ideas or implementation from me. As students researching computer science, we should be responsible.

I really hope someone from AOL Mail or ebay can by any chance see this post and change their CAPTCHA system.


6 comments:

Anonymous said...

AOL CAPTCHAs recognition system was introduced by the NetworkSecurityResearch group a long time before your article appeared.
Around the CAPTCHA
It's hard to believe that you somehow have chosen the same CAPTCHA to recognize by accident.
Their recognition accuracy for AOL is about 35%.
So how is your system better than their one?
Why haven't you mentioned their work in your article?

Anonymous said...

Please share your code or algorithm.

123 123 said...

Interesting post as for me. I'd like to read something more about that theme. Thnx for posting that information.

brieweb said...

Did you use a Hidden Markov Model? How about segmenting the letters?

Vic said...

Info in your blog helped me with my project, which is based on bookmakers! Thank you!

Anonymous said...

This is because this person simply wants to take the credit for the work done by NetworkSecurityResearch. Another person doing that around the internet is someone that goes by kelvinthechamp. His website is spamvilla.com, where he steals source code and makes a profit by offering it to spammers.