Dr Jeff Yan and PhD student Ahmad Salah El Ahmad, from Newcastle University, claim to have cracked the security behind the biggest names in global email services, exposing widespread vulnerability.
Using the CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) security system, where automated hacker attacks are prevented by the letters in wavy lines, Yahoo and Microsoft have used the system and managed to reduce the amount of spam getting into users' mailboxes.
Using an ordinary desktop computer, Dr Yan and Mr El Ahmad used a seven-step method - which took less than 80 milliseconds - to remove arcs in the Microsoft scheme that link letters and make them hard to isolate, and then identify all the characters in the right order.
Key to their success was an innovative colour filling method, which proved extremely powerful when combined with more traditional vertical histogram analysis.
They could isolate each of the eight characters in over 90 per cent of the challenges generated by the Microsoft scheme and, by combining this with character recognition techniques, they were able to solve them over 60 per cent of the time.
The aim of CAPTCHA is to not allow bots to be more successful than 1 in 10,000 attempts (a success rate of 0.01%).
Dr Yan claimed that the best method was to let characters touch or overlap with each other, juxtaposing characters in any direction to make it harder to tell real characters and other 'noise' apart, and randomising the width of those characters.
Dr Yan said: “I actually think the idea of CAPTCHA is a good one, but the devil is in the detail and this is where future work needs to focus. It is not a trivial task to design a CAPTCHA scheme that is both usable and robust.
Early research suggests that computers are very good at recognising single characters, even if they are highly distorted. Once the positions of the characters are known, breaking the scheme is purely a recognition problem, which is a trivial task with standard machine learning techniques such as neural networks.”
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
