







“Bots simply need to get the JS code of challenge, show it to another human being,” he writes, “and use the answer that human provided.”

Google's new bot prevention reCaptcha is not much secure as companies described on its launch. A security company Shield Square wrote that Google algorithm is not much good and is easy for bots to bypass the spam free security product "reCaptcha".Early this month on 3rd, Google have announced its new bot-detecting Captcha form called No Captcha reCaptchas. This is awesome and great technique that was introduced in place of old Captcha which was text and number based. The company said the new, simple interface is more secure than the old Captcha because it analyzes user behavior to determine whether they are a person or a bot.To reduce the number of times that users have to interface with No Captcha, the algorithm only makes users take the test once. Next time they visit the site, No Captcha won’t appear - unless the user regularly clears their cookies, in which case they’ll have to retake the Captcha every time they do so.Shield Square asserts that Google’s reliance on cookies creates a problem. For bots to pass the reCaptcha, all they have to do is store the relevant cookies for the website they’re looking to access. Alternatively, bots could use an optical character recognition tool to solve the puzzle in the first place, allowing continued access to the site.Sakurity’s Homakov claims that bots can pass the image test also.Another bad thing with the No Captcha is that researchers have found a security vulnerability on it. Utilizing clickjacking (wherein an attacker creates transparent layers on top of a website, so that when a user clicks, it reroutes them to another site) bots can get real humans to take the reCaptcha test for them. Homakov confirms that currently Google have patched the vulnerability