How do you let people create user accounts or post comments on your Web site without letting spam bots in? Simple — make your users prove they’re human. Many Web sites use CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) technology to try to tell the bots from the people.
CAPTCHA’s idea is simple enough. It presents users with an image showing an obfuscated string of letters that they must type in to get an e-mail or social networking account, for instance, or to enter a comment on an online forum. The theory is that only humans can decipher the letters hidden in the image and type in the correct code, and for a time it was an effective tool to keep the bots out.
But while no one has yet come up with a computer that can fool people into thinking it’s another person, computers are great at fooling other computers. These days, malware makers and spammers regularly trick the CAPTCHA systems at big-name Web sites such as Yahoo Mail, Gmail and Craigslist, and use these sites to automate their attacks.