A few days ago I was required to pass reCAPTCHA for many times. And I noticed that it's being accepted even if it's wrong. So, I decided to examine how accurately it works.
The result was sad :).
While Chad Houck and Jason Lee broke the captcha on DEF CON 18 it has another vulnerability.
I tested percentage of wrong accepting and some of them are shown below.
|Distance||Accepted?||Right / Wrong||Image|
You can see that accuracy is not very high. Codes with up to three errors were accepted almost all the time. Codes with four errors were accepted very rarely. Also I didn't notice that letter matching matters.
I haven't yet need to break Google's reCAPTCHA but I have already known one of its weakness. You can use it too - don't waste much your attention recognizing the words, like I did before I got this :).