Oolite Bulletins

We've recently seen evidence that there either are indeed human spambots paid to register on forums or the bot programmers themselves have, ahem, "issues".
This isn't to say that bots nowadays can't break recaptchas. With a quick googling, I found a site claiming "a total success rate of 17.5 percent against reCAPTCHA" in early 2008; the amount of spammers we're getting says things got worse since then...

What are the latest developments in this area?

Cmdr. Maegil wrote:

We've recently seen evidence that there either are indeed human spambots paid to register on forums or the bot programmers themselves have, ahem, "issues".
This isn't to say that bots nowadays can't break recaptchas. With a quick googling, I found a site claiming "a total success rate of 17.5 percent against reCAPTCHA" in early 2008; the amount of spammers we're getting says things got worse since then...

What are the latest developments in this area?

I see a lot of claims for how to break reCAPTCHA ... then again, there are a lot of claims for foolproof methods to, ahem, adjust appendage size, too. The latest piece of reliable reporting that I've seen, from New Scientist, 19 October 2011, suggests that although many CAPTCHAs are breakable, so far reCAPTCHA is proving too difficult for automatic cracking:
http://www.newscientist.com/article/mg2 ... ptcha.html

The team tested their software on 15 sites, including Google, eBay and Wikipedia. Schemes are usually deemed secure if they can be broken less than 0.01 per cent of the time. Bursztein easily cracked many of the CAPTCHAs he studied, breaking the likes of eBay 37 per cent of the time and Wikipedia 25 per cent of the time. The only sites to resist attack were Google, and sites using Google's more recent iteration, reCAPTCHA.

I think the proof of the pudding lies here in the fact that we're not swarmed by bots. If reCAPTCHA was (easily) cracked by software then we'd see a lot more of them, I would guess. Currently we're only running at somewhere between half-a-dozen to a dozen a day, and many of those never complete the final email hurdle and actually register.

There will always be some holes in any fence! When the reCaptcha was disabled for a trial period, I was certainly killing more of them... it definitely works.

On a somewhat related note:

Also relevant: http://mashable.com/2011/11/17/worst-in ... passwords/