Has reCaptcha been cracked / hacked / OCR’d / defeated / broken? [closed]

by

I notice that almost all the answers here relate to the ineffectiveness of the concept of CAPTCHA, in principle – and while I very much agree with them, in fact gave a talk at OWASP a few months ago explaining just that – the question is very specific, so I will provide for a demonstration.
But first, I will reiterate that demonstration aside, re-read the other comments, since it’s truth that CAPTCHA is pointless and not helpful, irrelevant of implementation….

But really, check out CAPTCHA Killer. You can upload a CAPTCHA image, and it will automatically, if not immediately, provide the OCR’d answer. It also provides for an API (REST, I think, but maybe also SOAP). I personally tried numerous reCAPTCHA images, and it was actually some of the easiest ones (or at least quickest) broken.

UPDATE: CAPTCHA Killer’s website is now taken down, apparently under legal pressure. See http://captcha.org/ for a complete overview of the topic.

And yeah, OCR is not the best way to break a CAPTCHA protected site – there are many other better ways.

More Related Contents:

  1. Is there any possible ways to bypass cloudflare security checks?
  2. Practical non-image based CAPTCHA approaches?
  3. When the bots attack! [closed]
  4. Difference between Hashing a Password and Encrypting it
  5. In what cases will HTTP_REFERER be empty
  6. XMLHttpRequest cannot load file. Cross origin requests are only supported for HTTP
  7. Why Does OAuth v2 Have Both Access and Refresh Tokens?
  8. What is the best way to prevent session hijacking?
  9. How to restrict Firebase data modification?
  10. Why is security through obscurity a bad idea? [closed]
  11. The necessity of hiding the salt for a hash
  12. Classic ASP SQL Injection Protection
  13. Will HTML Encoding prevent all kinds of XSS attacks?
  14. How are software license keys generated?
  15. Convert .pfx to .cer
  16. ReCaptcha API v2 Styling
  17. Are Google Cloud Functions protected from DDoS attacks?
  18. OAuth2 and Google API: access token expiration time?
  19. What is the best Distributed Brute Force countermeasure? [closed]
  20. https URL with token parameter : how secure is it?
  21. CSRF protection: do we have to generate a token for every form?
  22. SSL Error: unable to get local issuer certificate
  23. curl – Is data encrypted when using the –insecure option?
  24. How to pass the value of a variable to the standard input of a command?
  25. How does Google reCAPTCHA v2 work behind the scenes?
  26. Google Authenticator available as a public service?
  27. Recommendations for java captcha libraries [closed]
  28. Securing an API: SSL & HTTP Basic Authentication vs Signature
  29. Should be used for JSF 2.2 CSRF protection?
  30. Setting cookie in iframe – different Domain

Leave a Comment