In the battle against the evils of spam, CAPTCHA has been the one shield that has been able to at least partially protect us. Its beauty lies within its simplicity: Rather than hunting down spam and filtering it, we can simply block it entirely with a simple quiz. Show an image with a bunch of letters and require the person to recite the letters back. This is an easy task for a human but impossible for a spam bot.
Or is it? Though there’s no definitive proof yet, there has been evidence that bots have somehow infiltrated CAPTCHA-protected accounts without human help.
“Last month, the human verification tests, which typically require users to identify deformed letters set against a cluttered backdrop, were broken by a computer,” reports The Washington Post. “The computer then repeatedly created free Hotmail e-mail accounts and sent spam from them, according to Websense, the security firm that detected the hacking.”
This is not a good sign, because it means CAPTCHA questions will have to be increasingly more complicated. Instead of asking us to recite back letters, for instance, the next step will likely be to start offering us math problems we have to solve.