Originally Posted by
mike*0*
To stop people from brute forcing web logins, websites limit users to around 5 tries before they either: a) are blocked from any more login attempts, or b) have to enter the characters shown in an image captcha.
Generally, image captchas aren't possible to beat. However, if they are poorly generated you could use some sort of OCR (Optical Character Recognition) program to read the image and enter the characters in the image. Most image captchas are designed in a way which only humans can read though.
Another method is to employ hundreds of people in a 3rd world country to keep entering the characters they see in image captchas in front of them. I think some spammers are doing this to send email from services like Hotmail, but it's far easier to just spoof emails directly. A method like that is nowhere near fast enough to perform a brute force.
Of course, if you find a bug in the authentication mechanism you can bypass captchas completely, but that's unlikely.
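The attempt limit described in the post above, sketched from the server's side as an added example that is not part of the original post. The class name `LoginThrottle`, the 15-minute window, and the per-account keying are assumptions made for illustration; both responses the post mentions (block, or require a captcha) are selectable as a policy.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # "around 5 tries", as in the post
WINDOW_SECONDS = 900    # assumption: failures older than 15 minutes are forgotten

class LoginThrottle:
    """Hypothetical helper: counts recent failed logins per account."""

    def __init__(self, policy="captcha", clock=time.monotonic):
        if policy not in ("captcha", "block"):
            raise ValueError("policy must be 'captcha' or 'block'")
        self.policy = policy
        self.clock = clock                   # injectable so tests control time
        self.failures = defaultdict(deque)   # account -> failure timestamps

    def _recent(self, account):
        """Drop failures that fell out of the window, return how many remain."""
        q = self.failures[account]
        cutoff = self.clock() - WINDOW_SECONDS
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def requirement(self, account):
        """Return 'password', 'captcha' or 'blocked' for the next attempt."""
        if self._recent(account) < MAX_FAILURES:
            return "password"
        return "captcha" if self.policy == "captcha" else "blocked"

    def attempt(self, account, password_ok, captcha_ok=False):
        """Process one attempt; return True only if the login succeeds."""
        need = self.requirement(account)
        if need == "blocked":
            return False                      # refused before any password check
        if need == "captcha" and not captcha_ok:
            self.failures[account].append(self.clock())
            return False                      # password is never evaluated
        if password_ok:
            self.failures.pop(account, None)  # success resets the counter
            return True
        self.failures[account].append(self.clock())
        return False
```

Because the counter is keyed by account only, the `block` policy lets anyone lock a known account out for the length of the window, which is one reason sites often choose the captcha response instead.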