New Snapchat CAPTCHA system hacked in record time
Posted on 23 January 2014.
Bookmark and Share
The revelation that usernames and phone numbers of some 4.6 million Snapchat users have been compromised marked a very bad start of the year for the company behind the popular photo messaging app, but it is not the end of their security woes.

On Wednesday, the company introduced a new way to verify if a user looking to register an account is human: he or she has to choose 4 pictures out of 9 that contain the "Snapchat ghost" (the app's logo).

Less than 30 minutes later, graduate student researcher at Georgia Tech Steven Hickson wrote a simple script that allows a computer to trick the system.


"This is an incredibly bad way to verify someone is a person because it is such an easy problem for a computer to solve. The problem with this is that the Snapchat ghost is very particular. You could even call it a template. For those of you familiar with template matching (what they are asking you to do to verify your humanity), it is one of the easier tasks in computer vision," he wrote in a post, and explained how he went about it.

"There are a ton of ways to do this using computer vision, all of them quick and effective. It's a numbers game with computers and Snapchat's verification system is losing," he added.

In the meantime, Graham Smith, a Texas high school student, has also revealed his tug of war with Snapchat after having found and reported to them several security flaws, and his script for solving the "Snaptcha".









Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //