Sony CAPTCHA Fail
A CAPTCHA is a test that attempts to verify that a user is human. On the web, it usually appears as an image containing letters that the user has to type in. This is quite easy for humans but very hard for computers, especially when the letters are distorted. CAPTCHAs are useful for preventing automated posting or registrations by spambots, and over the years they have grown more complex as the techniques for breaking them have improved.
So when this image popped up in my Google+ stream this morning, I could hardly believe my eyes.
This is a CAPTCHA generated by Sony’s website. Whilst at first glance it appears to be an image, if you take a look at the page source code, you will see that it is actually just made up of plaintext characters, which are distorted by CSS and JavaScript.
The problem? Well, any computer can easily extract the CAPTCHA letters using regular expressions, or even by simply traversing the DOM. There is literally no security gained by having this type of CAPTCHA.
No wonder Sony kept getting hacked; they can’t even get basic security techniques right.
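A regression check a site owner could run against their own CAPTCHA markup to catch the flaw described above. This is an added example, not code from Sony's page or from the original post. The function names, the sample markup, the answer "X7KQ" and the hardened design (server-rendered image, answer kept server-side) are all assumptions made for illustration.

```javascript
// Added example. All markup and the answer "X7KQ" are constructed.

// Text a DOM walk would collect: drop script/style bodies, strip tags,
// decode numeric character references, remove whitespace.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "")
    .replace(/<[^>]*>/g, "")
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/\s+/g, "");
}

// True when the expected answer is present in what the server sent:
// as text nodes in document order, or verbatim anywhere in the source
// (attribute values, inline script).
function answerLeaks(html, answer) {
  const needle = answer.toLowerCase();
  return visibleText(html).toLowerCase().includes(needle) ||
         html.toLowerCase().includes(needle);
}

// Weak (constructed): plaintext characters distorted only by CSS.
const weakMarkup = `<div class="captcha">
  <span style="transform:rotate(-12deg)">X</span>
  <span style="transform:skew(20deg)">&#55;</span>
  <span style="transform:rotate(9deg)">K</span>
  <span style="transform:scale(1.3)">Q</span>
</div>`;

// Hardened (assumed design): the server renders the image and keeps the
// answer in its own session store; the page carries only an opaque id.
const hardenedMarkup = `<div class="captcha">
  <img src="/captcha/image?id=3f9c1e" alt="CAPTCHA challenge">
  <input type="hidden" name="captcha_id" value="3f9c1e">
  <input type="text" name="captcha_response" autocomplete="off">
</div>`;

console.log("weak leaks answer:", answerLeaks(weakMarkup, "X7KQ"));
console.log("hardened leaks answer:", answerLeaks(hardenedMarkup, "X7KQ"));
```

Run in a test suite with the answer the server generated for the page under test, the check fails the build whenever the challenge text reaches the client in readable form.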

