Due to the prevalence of spammers on the internet CAPTCHAs have become a necessary security measure. Without a CAPTCHA in place a system is incapable of knowing whether a human or an automated computer is executing a request. Currently one of the most widely implemented versions of this system is Google's reCAPTCHA due to its robustness thus far. This paper illustrates techniques to defeat this system which has been trusted to secure websites such as Twitter, Facebook, Craigslist, and many others, as well as methods to secure it further. The efficacy of the techniques outlined herein is at a very conservative figure of ten percent, which is more than enough for an applicable exploitation of the system.
Chad Houck's bio: I graduated from Oakland University in April 2010 with a bachelor's degree in computer science. I have a decade's worth of hobby programming experience. Along with experience working with microcontrollers and building electrical circuits. And now I am tired of talking about myself because the material I wish to present is far more interesting.