It has emerged that, not long after a group of hackers cracked Windows Live Mail’s CAPTCHA, Google’s Gmail CAPTCHA has also been hacked (possibly by the same group).
Hacking Gmail is a huge scalp for the hackers. It gives them:
- use of the gmail.com domain name — a domain name that is unlikely to be blacklisted by spam filters.
- access to a wide range of Google services
- hacker kudos
Not to mention that, due to the volume of Gmail users, they are going to be hard to track.
Should we worry about this?
Yes and no.
Google will undoubtedly fix the immediate threat, but the bigger issue is that CAPTCHAs are being hacked more and more successfully. For instance, since July 2007 the HotLan Trojan has created more than 500,000 spam email accounts with Hotmail, Yahoo! and Gmail.
With no end in sight for the arms race between the hackers and developers, CAPTCHA’s days seem numbered (I for one would be happy to see the death of the CAPTCHA [as it currently stands]). But what will be the next solution?
What methods are developers going to have to introduce to combat the hackers?
KittenAuth? And ultimately, are all attempts to prove you’re human in an electronic arena bound to fail?