Researchers defeat video CAPTCHA antispam tests

Researchers defeat video CAPTCHA antispam tests - Network World

Image: Wikimedia Commons

“Most people are familiar with image-based CAPTCHAs that require users to input a string of distorted characters in order to prove that they are human. However, there are also audio and video variants of such tests.

NuCaptcha is a video-based CAPTCHA implementation that uses animation techniques in order to make it harder for spam bots to decipher the characters. Its creators claim that NuCaptcha has the highest usability and security levels of any CAPTCHA on the market.

However, according to Stanford University researcher Elie Bursztein, that’s not exactly true. Bursztein has worked with other researchers to evaluate the security of NuCaptcha since October 2010 and has devised a method that defeats it with a success rate of over 90 percent.” (Lucian Constantin, Network World)

Small coding mistake led to big Internet voting system failure

Small coding mistake led to big Internet voting system failure - Fierce Government

Photo: State Dept.

“Responding to a call by Washington, D.C., election officials for outsiders with no previous access to test system security, Halderman and his students penetrated the pilot system within 48 hours of it going online. Their successful attack went undetected for another 36 hours, they say, despite the fact that they left a calling card in the form of having the vote confirmation screen to play the University of Michigan fight song after 15 seconds. Even then, the detection didn’t occur because D.C. officials spotted anomalies in intrusion detection system logs, or even stumbled on the fight song itself, but because someone on a mailing list monitored by the city asked, ‘does anyone know what tune they play for successful voters?’ ” (David Perera, Fierce Government)

Digital ants protect computer networks

“Unlike traditional security approaches, which are static, digital ants wander through computer networks looking for threats such as computer worms, self-replicating programs designed to steal information or facilitate unauthorized use of computers. When a digital ant detects a threat, it summons an army of ants to converge at that location, drawing the attention of human operators to investigate.” (Kerry M. King, Wake Forest University)

Genetics inspire cyber-security research

Genetics inspire cyber-security research

Photo: Wake Forest

“Cyber attacks usually take place in two phases, says Fulp. In the reconnaissance phase, a virus or other threat simply observes the landscape, identifies possible defense mechanisms and looks for the best way in. If nothing has changed since the reconnaissance phase upon return, the virus strikes. But security experts say even the slightest change in environment can make a huge difference in deterring a potential attacker.

‘Just as one might try to prevent a home robbery, our goal is to create a ‘moving target defense’ that detects cyber threats when they first case the house,’ explains Fulp. ‘If we can automatically change the landscape by adding the technological equivalent of security cameras or additional lighting, the resulting uncertainty will lower the risk of attack.’ ” (Katie Neal, Wake Forest University)

FTC Urges Apps For Kids Must Disclose Data-Collecting Practices

FTC Urges Apps For Kids Must Disclose Data-Collecting Practices - Wall Street Journal

Photo: AP

“The agency released a report Thursday that criticized developers and app marketplaces for not doing enough to disclose the data-collection practices of apps geared toward kids. It said it will conduct a six-month review to determine whether such apps violate the Children’s Online Privacy Protection Act.” (Matt Jerzemsky, Wall Street Journal)

Drones Set Sights on U.S. Skies

Drones Set Sights on U.S. Skies - New York Times

Photo: J. Emilio Flores for The New York Times

” ‘As privacy law stands today, you don’t have a reasonable expectation of privacy while out in public, nor almost anywhere visible from a public vantage,’ said Ryan Calo, director of privacy and robotics at the Center for Internet and Society at Stanford University. ‘I don’t think this doctrine makes sense, and I think the widespread availability of drones will drive home why to lawmakers, courts and the public.’ ” (Nick Wingfield & Somini Sengupta, NYTimes.com)

And check out these previous posts on drones.

 

Oscars vote vulnerable to cyber attack under new online system, experts warn

Oscars vote vulnerable to cyber attack under new online system, experts warn - The Guardian

Photo: Damian Dovarganes/AP

“But Everyone Counts’ security claims have been met with deep scepticism by a computer scientist community which has grappled for years with the problem of making online elections fully verifiable while maintaining ballot secrecy – in other words, being rigorous about auditing the voting process, but still making sure nobody knows who voted for what. So far, nobody has demonstrated that such a thing is possible.” (Andrew Gumbel, The Guardian)