Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


July 15, 2008

Gotcha CAPTCHA!

How the good guys got trumped

In the category of “What will they think of next?” is this next item. In case you weren’t convinced that the best and brightest minds in our field often wear the other side's uniform (the black hats), this should convince you.

The latest hack out there is a new crack of the CAPTCHA technology. This little-known technology is the set of hard-to-read graphics that websites use to keep spammer bots from signing up for their sites en masse. You’ve probably used a CAPTCHA at some point, but in case you haven’t, it works like this: in addition to entering a logon ID and password, you have to enter the letters that appear in a little graphic, usually blurred or highly distorted.

For years, this technology has been working pretty well, with the CAPTCHA folks steadily increasing the amount of distortion to stay ahead of better and better OCR algorithms. However, some enterprising individual figured, "Why keep this machine-to-machine race up? Let’s let dumb humans help us trump the good guys!" What they do is this: when the graphic is presented, it is cross-linked to another site, one appearing to be a free porn site. All the visitor there has to do is type in the characters, doing the recognition job with the human mind, which is infinitely better than machines. So the dumb user gets his (or her) porn and the hacker gets to create multiple accounts for whatever illicit use they want (spam, buying front row tickets, whatever). The screwed ones are the original website and us users, who pay the price in the form of more spam or more expensive tickets.

All I have to say is, brilliant move! It seems they’ve checked our mate, at least in terms of this particular technology. But the real sinister part of this is when hackers start using this trick (dumb humans) to crack other things. What I want to know is, where is the quantum-leap thinking like this one on the good guys' side? Let's see some real ingenuity to come up with ideas to fight these guys, rather than churning out more "me too" products and cash cow tech. How about making the background of the graphics a note saying “Don’t click on this unless you are at www.yahoo.com”? Or a picture of Uncle Sam saying “I’ve got my eyes on you”? That might discourage a few free porn seekers. Then again, never put it past the desperation of credit-cardless teenagers. Oh well, back to the drawing board.

 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc.