On The Insider: Britney's Bikini-Clad Top 10
BNET Business Network:
BNET
TechRepublic
ZDNet

April 14th, 2008

Websense: Microsoft Live Hotmail CAPTCHA hacked in 6 seconds

Posted by Larry Dignan @ 2:10 am

Categories: Data theft, Exploit code, Hackers, Spam and Phishing

Tags: CAPTCHA, MSN Hotmail, Websense Inc., Microsoft Corp., Attack, Larry Dignan

Websense says that hackers have streamlined their anti-CAPTCHA tools and can attack Microsoft’s Live Hotmail service in about 6 seconds.

Websense has been on the CAPTCHA case for a while and the latest attack on Microsoft’s Hotmail is an evolutionary leap because hackers’ tools are automated and operating almost instantaneously. CAPTCHAs are viewed as a spam defense and a way to distinguish humans and computers. Google says CAPTCHAs are still useful, but others beg to differ.

The steps of the CAPTCHA eluding attack are similar to previous attacks, according to Websense. A bot hooks into Internet Explorer, observes account names, uses IE to sign up for Hotmail accounts, grabs CAPTCHA and breaks it, creates multiple accounts and then spams away.

The big difference: “Unlike Live Mail Anti-CAPTCHA and Gmail Anti-CAPTCHA operations in the past, the current attack is aggressive and instantaneous in terms of CAPTCHA breaking host turn-around time,” said Websense. Total response time? Six seconds.

Larry DignanLarry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 21 Talkback(s)
Allow me to introduce myself...
Just as a bit of background, I've used Yahoo, Gmail, Hotmail, Live mail, ISP provided mail, no-name web mail, IBM Mainframe based mail, Notes, Outlook, Eudora, etc. ad nauseum. Been around a while and... (Read the rest)
Posted by: aureolin@... Posted on: 04/23/08 You are currently: a Guest | | Terms of Use
Yahoo is implementing CAPTCHA at the send...  bjbrock | 04/14/08
Who The HECK Uses Hotmail Anymore?  itanalyst2@... | 04/14/08
I think we are going to see more ....  bjbrock | 04/14/08
i agree  reverseswing | 04/14/08
Live Mail & services are worth the slight risk..  a_chameleon | 04/14/08
Millions of people  sysop-dr | 04/15/08
RE: Websense: Microsoft Live Hotmail CAPTCHA hacked in 6 seconds  chips@... | 04/14/08
RE: Websense: Microsoft Live Hotmail CAPTCHA hacked in 6 seconds  UnwelcomeGuest | 04/14/08
Also...  zkiwi | 04/14/08
It's way past time for bio IDs  TranMan | 04/14/08
The problem with bio IDs  jred | 04/14/08
FIXED: The problem with bio IDs  richard.hauer@... | 04/14/08
BIO IDs... the problem  Rafal.Los (RX8volution) | 04/14/08
"The *good* fingerprint readers"  jacarter3 | 04/15/08
This topic isn't secure identification  DotWhat | 04/18/08
RE: Websense: Microsoft Live Hotmail CAPTCHA hacked in 6 seconds  phatkat | 04/14/08
i found a really easy way to stop bots  Been_Done_Before | 04/14/08
RE: Websense: Microsoft Live Hotmail CAPTCHA hacked in 6 seconds  dotat@... | 04/14/08
Hotspam - makes no difference anyway.  kraterz | 04/15/08
Allow me to introduce myself...  aureolin@... | 04/23/08
RE: Websense: Microsoft Live Hotmail CAPTCHA hacked in 6 seconds  Mr. Byte | 04/18/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here