Warning over free web email services as CAPTCHA compromised

Internet email users are being advised to check the integrity of messages from free web email services, such as Google and Hotmail, after Yahoo’s CAPTCHA sign-up technology was compromised.

“CAPTCHA [Completely Automated Public Turing test to tell Computers and Humans Apart] technology is used by a growing number of web portals offering free email facilities to prevent the automated creation of sign-on accounts,” explains Brian Chess, Fortify Software’s founder and chief scientist.

“Any free email service that is using the CAPTCHA system – or a similar approach to prevent automated sign-ups – is engaged in a never-ending arms race with its attackers,” he adds.

In fact, Chess indicates that it’s a bit of a losing battle: as decoding software gets progressively better, he notes that the good guys have to further contort the CAPTCHA images – and that makes life harder for legitimate users.

“The fact that the CAPTCHA technology has been compromised and can be even partially beaten by automated scripts means that anyone receiving email from free mail service domains needs now to take extra care and examine exactly who the message is coming from, to prevent any fancy footwork by hackers causing problems,” he warns.

Using automated scripts, hackers can now create a series of free email addresses centring, for example, around a major software vendor’s name, and generate requests for personal information or money.