News, Token, Tokenless, Vulnerability

CAPTCHA-busting service relies on CAPTCHA to block bots

Can you use to it to spam itself?

By John Leyden • Get more from this author

Posted in Security16th October 2012 10:14 GMT

An automated CAPTCHA circumvention service has decided to use CAPTCHAs to restrict access to its own contact us services.

It’s unclear whether or not its possible to use bypasscaptcha.com to, err, bypass bypasscaptcha.com“contact us” page CAPTCHA. The automated CAPTCHA solving service is likely to be of interest primarily to those who want to sign up to online forums and set up webmail accounts in preparation for spam runs, or other similar malfeasance.

Asked directly whether it was in the pay of spammers (like most other CAPTCHA-busting services), bypasscaptcha.com quickly responded:

“Sorry that we can not tell you who our customers are.”

Bypasscaptcha.com’s front page explains that “we hire workers to work on our project not only to make money for ourselves, but also to make our workers live better with much better salary than other local workers without any special skills.”

Which is a nice way of saying we’re paying poor folk overseas a pittance to decipher the letters in jumbled up images hundreds of times a day in hi-tech sweat-shops … but it’s better than picking over rubbish dumps.

An advert for the service on ProgrammableWeb explains:

“The service operates through the Bypass CAPTCHA API which can be implemented in third-party software.”

It’s unclear who’s behind the service, which was brought to our attention by Reg reader Christopher P.

“They cannot be English, what with their absolute failure to understand irony,” Christopher notes. ®

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s