Google small logo
The Gmail CAPTCHA has been cracked—albeit not easily—raising new concerns about spammers’ ability to abuse Google’s e-mail services. Websense Security Labs pointed out the security breach late last week, noting that spammers have a lot to gain by being able to use bots to automatically sign up for new accounts.

Google’s free e-mail services and a highly-desirable gmail.com domain—one that is unlikely to be blacklisted by anybody’s spam filters—are just two of the features that induced spammers to crack the CAPTCHA and have bots do all the work. On the upside, it apparently wasn’t easy—Websense says that it required two bot hosts to crack instead of just the one that recently cracked Windows Live Mail’s CAPTCHA (Websense believes that the same group was involved with both). It also believes that the two hosts are required because the first host may fail at cracking the code the first time around (and possibly time out), but the second host may also be required to check the work of the first. Additionally, only one in every five CAPTCHA-breaking requests on Gmail succeeded. Still, a 20 percent success rate is relatively high when you consider that spambots are trying to register hundreds (or thousands) of e-mail addresses at a time.

Article source