Tuesday, January 19, 2021

Insecure Captcha Bypass

Website security is very important today. When we sign up for an email service such as Yahoo or Gmail, we first need to pass a challenge-response test that is very simple and straightforward for a human being to solve but impossible for computers to pass. This sort of test is a CAPTCHA, also known as a type of Human Interaction Proof (HIP). You have probably seen CAPTCHA tests on lots of websites. CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart.

Its basic purpose is to block form submissions from spam bots: automated scripts that gather email addresses from publicly available web forms. CAPTCHAs are used because it is difficult for computers to extract the text from such a distorted image, whereas it is relatively easy for a human to understand the text hidden behind the distortions.

Therefore, the correct response to a CAPTCHA challenge is assumed to come from a human and the user is permitted into the website. Why would anyone need to create a test that can tell humans and computers apart? It's because of people trying to game the system -- they want to exploit weaknesses in the computers running the site. While these individuals probably make up a minority of all the people on the Internet, their actions can affect millions of users and Web sites.

For example, a free email service might find itself bombarded by account requests from an automated program. That automated program could be part of a larger attempt to send out spam mail to millions of people. The CAPTCHA test helps identify which users are real human beings and which ones are computer programs. Spammers are constantly trying to build algorithms that read the distorted text correctly, so strong CAPTCHAs have to be designed and built so that the efforts of the spammers are thwarted.

