You know those anti-spam tests that make you enter funny characters to prove you're a human? Well, non-humans can finally fake their way into systems using the "Completely Automated Public Turing test to tell Computers and Humans Apart" too—even Yahoo's pretty secure system, according to new reports.
A Russian security researcher known only as "John Wane" (sic) says that his team has developed a system that correctly identifies the images from Yahoo's CAPTCHA system 35% of the time. According to one analyst, the irony is that the image recognition used to fight off the current generation of image-embedded spam will now be used to create the next wave of spam itself.
Yahoo apparently confirmed that this was the case:
We are aware of attempts being made toward automated solutions for CAPTCHA images and continue to work on improvements as well as other defences.
This doesn't just finger Yahoo, since the verification technique is used by other online e-mail providers too. In the words of the analyst, the hack "could be used for spam...could be used for phishing...could create a fairly significant number of e-mail accounts." I'm thinking this also means I'm screwed next time I want tickets for a concert, too. [TMCNet via Slashdot]