Websense: Microsoft Live Hotmail CAPTCHA hacked in 6 seconds

Summary:Websense says that hackers have streamlined their anti-CAPTCHA tools and can attack Microsoft's Live Hotmail service in about 6 seconds.Websense has been on the CAPTCHA case for a while and the latest attack on Microsoft's Hotmail is an evolutionary leap because hackers' tools are automated and operating almost instantaneously.

Websense says that hackers have streamlined their anti-CAPTCHA tools and can attack Microsoft's Live Hotmail service in about 6 seconds.

Websense has been on the CAPTCHA case for a while and the latest attack on Microsoft's Hotmail is an evolutionary leap because hackers' tools are automated and operating almost instantaneously. CAPTCHAs are viewed as a spam defense and a way to distinguish humans and computers. Google says CAPTCHAs are still useful, but others beg to differ.

The steps of the CAPTCHA eluding attack are similar to previous attacks, according to Websense. A bot hooks into Internet Explorer, observes account names, uses IE to sign up for Hotmail accounts, grabs CAPTCHA and breaks it, creates multiple accounts and then spams away.

The big difference: "Unlike Live Mail Anti-CAPTCHA and Gmail Anti-CAPTCHA operations in the past, the current attack is aggressive and instantaneous in terms of CAPTCHA breaking host turn-around time," said Websense. Total response time? Six seconds.

Topics: Microsoft, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.