NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0338 Criminals Devise Means to Circumvent "Captcha" Test:
Criminals are devising ways to work around successful implementations of "Captchas",
according to an online IT news report. The distorted text images - known as Captchas
or "Completely Automated Public Turing test to tell Computers and Humans Apart" - are
commonly used on web sites to stop automated systems from carrying out procedures
intended for interaction with individual persons, such as signing up for accounts.
Captcha work-arounds trick people into interpreting and typing in the Captcha text.
They have reportedly been used to take over accounts and use them to send spam.
"The free email services, so far, have been extremely successful at using Captchas to
recognize a human being or an automatic program," said Raimund Genes of Trend Micro.
One tactic for enlisting human assistance to get around the Captchas guarding Yahoo Web
mail account initialization used images of a woman who invites unwitting web users to
interpret a set of Captchas. Entering each correct interpretation produces a
progressively unclothed picture of the woman. This virtual stripper program appears
on machines that are already infected with malicious software, said Genes, and the
program is activated when the Internet Explorer browser is used.
(http://news.bbc.co.uk 30OCT07)