When you sign up for an e-mail history at Google’s Gmail, you have to navigate past a CAPTCHA — squiggly words and letters that need to be typed into a box to prove you’re human and not an automated system looking to send spam. But in the war against spammers, CAPTCHAs are not holding up well and the latest attacks let spambots into Gmail.

CAPTCHA stands for “Completely Automated Public Turing tryout to tell Computers and Humans Apart.” Typically image files, the challenge-and-response system has been fairly successful in preventing spammers from opening e-mail accounts on popular Web domains like Gmail, Yahoo and Hotmail. Those accounts are prized by spammers considering Web administrators can’t simply blacklist the popular domains.

Spammers have found ways to break CAPTCHAs, according to Stephan Chenette, manager of Websense shield Labs. “What we’re seeing is the technology on the hacker side has surpassed the simple CAPTCHAs,” Chenette told us. “In the public domain there

are several tools available right now for everyone to use to break simple CAPTCHAs.”

Human and Computer Attacks

Chenette said organized attackers are using automated tools to sign up for Gmail and other Web-mail accounts. When the CAPTCHA image appears, it’s automatically sent off to a large and low-paid workforce, typically in another country, where a worker enters the cipher and sends it back so the history can be created.

that type of attack has been used against other Web-mail sites, Chenette said, but in the attacks on Gmail there’s a new wrinkle. “One of the more interesting things about the Gmail CAPTCHA breaking is that we believe that that might be happening through an automated process, which is the next step to breaking CAPTCHAs as opposed to hiring a large workforce to break them,” he said.

In fact, Chenette believes these are two-pronged attacks. The…

Orginal post by Top Tech News