CAPTCHA Meltdown


It seems like it was just the other day that I was writing about how CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) was quickly becoming completely useless for Web security. Actually, it was just the other day, two days ago, but I was wrong. CAPTCHA is already completely useless.

I found the proof of this in the latest blog post by Sumeet Prasad, a threat analyst at the Web security company WebSense. There, he declared that there’s now a botnet-based program that can beat Google’s Blogger CAPTCHA.

The program’s not terribly good at breaking Blogger’s CAPTCHA. WebSense estimates it has an 8% to 13% success rate, and it takes about 35 seconds per attempt. But, with hundreds to thousands of zombied home PCs doing nothing but trying to create fake blogs, the program doesn’t have to be very good at it.

