Thursday, June 16, 2005

CAPTCHAs look to separate humans from bots

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
06/16/05
Today's focus: CAPTCHAs look to separate humans from bots

By M. E. Kabay

Many readers have no doubt encountered funny-looking images of
distorted letters that look as if they are filtered through a
haze of mind-altering substances. Sometimes these images are
associated with sign-ups for Web pages; occasionally one
encounters e-mail systems that demand that one decode the weird
letters and numbers to be able to send e-mail to a person being
guarded against spam.

These puzzles are known as CAPTCHAs, standing for "Completely
Automated Public Turing test to tell Computers and Humans
Apart." They were developed by The CAPTCHA Project at Carnegie
Mellon University:
<http://www.captcha.net/>

The project started around 2000 as an approach to defeating bots
(automated processes - from "robots") that can be used to abuse
online services. The examples cited on the CAPTCHA Web site
include distortions of online polls, abuse of free e-mail
services, search-engine violations of privacy requests on Web
sites, spam, and brute-force challenges to passwords on live
systems.

There are several types of CAPTCHAs in use today:

* Gimpy, which presents distorted letters and numbers that are
  difficult for machines to interpret but easy for people to
  recognize.
* Bongo, resembling a simple IQ test involving pattern
  recognition (better hope you agree with the designers'
  opinions).
* Pix, which distorts ordinary photographs and presents a list
  of words from which one must select the element in common (I
  failed a sample in which the images were all supposed to look
  like cheese but included what appeared to be a plate with a pile
  of rotting leaves in one and a platter of sushi in a fourth).
* Sounds, which distort a sound clip and ask the user to
  interpret the clip.

The visually based systems are evidently difficult or impossible
for visually impaired users to master, as is the sound-based one
for hearing-impaired users. Any attempt to use CAPTCHAs should
offer alternatives for _bona fide_ human beings with perceptual
disabilities to authenticate themselves.

According to the CAPTCHA Web site, several artificial
intelligence research groups are using CAPTCHAs as challenges.
In addition, criminals have been applying human ingenuity to
defeat the system as well. In particular, some spammer bots have
been transferring CAPTCHAs to pornography sites where
unsuspecting pornophiles decode them on behalf of the bots.
Other bots take advantage of the relatively small number of
answers available for many of the CAPTCHA applications; if there
is no limit on the number of retries, the bots simply try all
the values until they succeed.
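
The retry problem described above can be closed on the server side. The following is an added example, not code from the newsletter or from The CAPTCHA Project: a challenge store that expires each challenge and discards it after a fixed number of wrong answers. The class, the function names and the ten-word answer list are assumptions made up for illustration.

```python
import hmac
import secrets
import time

# Constructed answer space: a Pix-style challenge with only ten possible labels.
PIX_LABELS = ["cheese", "dog", "tree", "car", "boat",
              "house", "bird", "shoe", "clock", "sushi"]


class ChallengeStore:
    """Hypothetical server-side check: challenges expire and allow few retries."""

    def __init__(self, max_attempts=3, ttl_seconds=120, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.ttl = ttl_seconds
        self.clock = clock
        self._live = {}  # challenge id -> [answer, expires_at, attempts_left]

    def issue(self, answer):
        """Register a new challenge and return its opaque, unguessable id."""
        cid = secrets.token_urlsafe(16)
        self._live[cid] = [answer, self.clock() + self.ttl, self.max_attempts]
        return cid

    def verify(self, cid, guess):
        """Return True only for a correct guess on a live, unexpired challenge."""
        entry = self._live.get(cid)
        if entry is None:
            return False
        answer, expires_at, attempts_left = entry
        if self.clock() > expires_at:
            del self._live[cid]
            return False
        correct = hmac.compare_digest(answer.encode(), guess.encode())
        if correct or attempts_left <= 1:
            del self._live[cid]  # solved or retries used up: never reusable
        else:
            entry[2] = attempts_left - 1
        return correct


def simulate_enumeration(store, cid, answer_space):
    """Test harness: submit every possible answer, count accepted guesses."""
    return sum(1 for guess in answer_space if store.verify(cid, guess))


def per_challenge_success(max_attempts, n_answers):
    """Chance that blind guessing solves one challenge within the retry cap."""
    return min(max_attempts, n_answers) / n_answers
```

With ten possible answers and three tries, blind guessing still solves a challenge 30% of the time, so a per-challenge cap has to be paired with a larger answer space and a limit on how many fresh challenges one client may request.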

Future CAPTCHAs may include increasingly difficult logic
problems or questions requiring the kind of knowledge typical of
real people (e.g., "Why do politicians who initiate foreign wars
generally have few of their own children in the military
forces?"). The problem will then become one of rejecting an
increasing number of real people.

To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Copyright Network World, Inc., 2005
