The most common type of CAPTCHA displays an image containing distorted letters of a word or some sequence of letters and numbers. The user then needs to type the letters of a distorted image.
An alleged Russian security researcher announced the other week that his team has developed a system that correctly identifies the images from Yahoo's CAPTCHA system 35% of the time. Yahoo apparently confirmed that this was the case:
" We are aware of attempts being made toward automated solutions for CAPTCHA images and continue to work on improvements as well as other defenses. " [InformationWeek]
It does raise the question if solutions that require human processing, such as 3D CAPTCHA, would be a better solution.
Lastly, some have wondered if 'researcher' could be is in violation of the DMCA because they are circumventing security. As long as they continue frame their discovery as 'research' they appear to be safe. The DMCA states:
"An exception for encryption research permits circumvention of access control measures, and the development of the technological means to do so, in order to identify flaws and vulnerabilities of encryption technologies."Sphere: Related Content