Researchers defeat video CAPTCHA antispam tests

Researchers defeat video CAPTCHA antispam tests - Network World

Image: Wikimedia Commons

“Most people are familiar with image-based CAPTCHAs that require users to input a string of distorted characters in order to prove that they are human. However, there are also audio and video variants of such tests.

NuCaptcha is a video-based CAPTCHA implementation that uses animation techniques in order to make it harder for spam bots to decipher the characters. Its creators claim that NuCaptcha has the highest usability and security levels of any CAPTCHA on the market.

However, according to Stanford University researcher Elie Bursztein, that’s not exactly true. Bursztein has worked with other researchers to evaluate the security of NuCaptcha since October 2010 and has devised a method that defeats it with a success rate of over 90 percent.” (Lucian Constantin, Network World)

In Attack on Vatican Web Site, a Glimpse of Hackers’ Tactics

In Attack on Vatican Web Site, a Glimpse of Hackers’ Tactics - New York Times

Image: Wikimedia Commons

“Much as in a grass-roots lobbying campaign, the hackers spent weeks spreading their message through their own Web site and social sites like Twitter and Flickr. Their Facebook page called on volunteers to download free attack software and implored them to “stop child abuse” by joining the cause. It featured split-screen images of the pope seated on a gilded throne on one side and starving African children on the other. And it linked to articles about sexual abuse cases and blog posts itemizing the church’s assets.

It took the hackers 18 days to recruit enough people, the report says. Then the reconnaissance began. A core group of roughly a dozen skilled hackers spent three days poking around the church’s World Youth Day site looking for common security holes that could let them inside, the report says. Probing for such loopholes used to be tedious and slow, but the advent of automated tools made it possible for hackers to do this while they slept.” (Nicole Perlroth & John Markoff,

Small coding mistake led to big Internet voting system failure

Small coding mistake led to big Internet voting system failure - Fierce Government

Photo: State Dept.

“Responding to a call by Washington, D.C., election officials for outsiders with no previous access to test system security, Halderman and his students penetrated the pilot system within 48 hours of it going online. Their successful attack went undetected for another 36 hours, they say, despite the fact that they left a calling card in the form of having the vote confirmation screen to play the University of Michigan fight song after 15 seconds. Even then, the detection didn’t occur because D.C. officials spotted anomalies in intrusion detection system logs, or even stumbled on the fight song itself, but because someone on a mailing list monitored by the city asked, ‘does anyone know what tune they play for successful voters?’ ” (David Perera, Fierce Government)

Long Distance

Long Distance - RadioLab

Image: melloveschallah/flickr/CC-BY-2.0

In the mid-1950’s, a blind seven-year-old boy named Joe Engressia Jr. made a discovery that changed his own life and many others. While idly dialing information on the family telephone, he heard a high-pitched tone in the background and started whistling along with it. Slowly, he learned to recognize all kinds of tones, pulses, clicks and beeps that the phone system used to talk to itself. And when he got good at decoding those sounds, he became the grandaddy of a whole movement of like-minded obsessives known as “phone phreaks.” (RabioLab)

Oscars vote vulnerable to cyber attack under new online system, experts warn

Oscars vote vulnerable to cyber attack under new online system, experts warn - The Guardian

Photo: Damian Dovarganes/AP

“But Everyone Counts’ security claims have been met with deep scepticism by a computer scientist community which has grappled for years with the problem of making online elections fully verifiable while maintaining ballot secrecy – in other words, being rigorous about auditing the voting process, but still making sure nobody knows who voted for what. So far, nobody has demonstrated that such a thing is possible.” (Andrew Gumbel, The Guardian)

Build Up Your Phone’s Defenses Against Hackers

Build Up Your Phone’s Defenses Against Hackers - New York Times

Image: Minh Uong/The New York Times

“Technology experts expect breached, infiltrated or otherwise compromised cellphones to be the scourge of 2012. The smartphone security company Lookout Inc. estimates that more than a million phones worldwide have already been affected. But there are ways to reduce the likelihood of getting hacked — whether by a jealous ex or Russian crime syndicate — or at least minimize the damage should you fall prey.” (Kate Murphy,

Is International Cyber Warfare a Real Threat?

Is International Cyber Warfare a Real Threat? - On The Media

Photo: US Air Force / flickr

“We’re talking about several different things, and they all tend to be conflated. And that’s part of the problem. So you have denial of service attacks, where a website is taken down. And you have cyber espionage, where you have hackers, whether it’s criminal groups or perhaps even state-sponsored hack into private networks and steal information. Those definitely exist and they’re serious.

But what happens is that somebody like Richard Clarke, they use examples of these things that we know, and then they say we should be worried about trains derailing, planes falling out of the sky.  And there, you’re talking about real kinetic cyber attacks that we have very little evidence for.” (Jerry Brito, On The Media)