Independent researcher Chad Houck this month demonstrated his work on solving Google's (NASDAQ: GOOG) reCAPTCHA, which was designed to foil software bots that attempt to spam or abuse its free service by creating numerous accounts for nefarious purposes. Despite recent enhancements made by Google however, Houck says he came up with algorithms that could beat reCAPTCHA 30 percent of the time.

While this might not sound very impressive, what it basically means is that automated software using Houck's algorithm will be able to create one account out of just three attempts. Multiple those odds by tireless attempts by tens of thousands of zombies in a typical botnet, and you see the problem.

Referring to reCAPTCHA, Houck noted that "[ReCAPTCHA] has never been wholly secure. There are always ways to crack it." The researcher has since published a white paper on it, and has also released his algorithms online. For now at least, a Google spokesperson says there has not been any sign of this particular attack being actively used.

Houck says that he never got a reply when he emailed recaptcha.net about his research. If I were to guess though, the reCAPTCHA team has its hands full with the growing problem of low-wage workers, in developing countries being paid to solve CAPTCHA puzzles.

For more on this story:
- check out the article at Dark Reading

Related Articles:
New attack puts a dent on Google's reCAPTCHA
Microsoft sues spammers who abused Hotmail filters
Industry-wide phishing attack strikes thousands
Hotmail to get conversation view, Exchange ActiveSync
Supreme Court turns down Virginia spam case