
    Researchers Aim to Fortify CAPTCHA Against Spammers

    By Brian Prince - January 6, 2009

      One of the well-reported security trends of 2008 was the defeat of CAPTCHA systems for a number of Web-based e-mail services, including Yahoo and Gmail.

      With spammers increasingly finding their way around these safeguards, making the hurdles spammers have to jump just a little higher is an important security concern.

      By circumventing CAPTCHA tests, which attempt to keep out automated responses, spammers can abuse free, Web-based e-mail services to more easily send out their wares because the reputable domain being used is less likely to be blocked by a spam filter. According to an end-of-the-year report by MessageLabs, now a part of Symantec, the amount of spam coming from Webmail accounts peaked at 25 percent of all spam in September 2008 and averaged about 12 percent for the rest of the year.

      Spammers are using a variety of techniques to accomplish this. Some of their success is due to their use of “mechanical turks,” people who either directly or indirectly create accounts traded online. Other spammers, however, rely on software to crack CAPTCHA. It is in this area that CAPTCHA researchers are focused.

      Right now, Microsoft is investing in enhancements to its CAPTCHA system to make it both more readable for users and less susceptible to automated attacks. Some of the improvements include new image distortion logic, overlapping characters and dynamic monitoring to observe attacks in real time in order to make the necessary adjustments.

      Researchers at Microsoft are also at the center of two CAPTCHA-related projects. One, dubbed Asirra, asks users to identify 12 photographs as either cats or dogs. The images come from Petfinder. The other project is called Inkblot Authentication, and it works by asking the user to form semantic associations with a set of randomly generated inkblot-like images. The image associations are then used to authenticate the user.

      Neither project has a firm timeline for product development, though Asirra is currently in use in prototype form by a number of organizations.

      “It seems common for people who are not CAPTCHA researchers to think that the main challenge in designing a CAPTCHA is to find a task that is easy for humans but difficult for computers,” said John Douceur, a researcher at Microsoft. “However, this is not very challenging at all.”

      Instead, the challenge is twofold, he said. First, there must be a way of generating several unique instances of the task. Second, it must be possible for the system to easily determine whether the user answered the CAPTCHA correctly, even though the CAPTCHA is hard for computers to solve.

      In the case of Asirra, there are currently about 4 million images in the database, which contains all images that have ever been on Petfinder, not only the currently active images.

      “The current research prototype uses only half of those 4 million images, partly because we have not yet implemented all of the security features that we have designed for Asirra,” Douceur said. “If someone cracks our current version, we can implement the additional security features and switch over to the other half of the database without suffering any long-term problem.”

      Another CAPTCHA approach used to thwart spammers is using animated text, such as letters and numbers that scroll.

      “The more complex CAPTCHAs are not as easily solved, but other, non-automated techniques are highly effective against them,” said Gartner analyst Andrew Walls.

      For example, there are outsourcers in various countries that market CAPTCHA-solving services, he said. On the plus side, doing so raises the cost of the attack for the spammer, therefore increasing the effectiveness of the CAPTCHA mechanism, he added.

      “These vendors have a group of employees that solve CAPTCHAs that are forwarded to them by automated means,” Walls said. “A spammer that wants to defeat CAPTCHAs can put together code that attempts to enter a protected site and have the code forward a copy of the CAPTCHA to the outsourcer for solving. The solution is returned in a few seconds, the CAPTCHA is defeated and the spammer moves ahead.”

      In the short term, MessageLabs Senior Analyst Paul Wood predicted that the majority of CAPTCHA techniques will be similar to what is common today, with some adoption of approaches such as animated text.

      “As more sites add more and more rich functionality … they become increasingly attractive to the bad guys who can exploit these tools to their advantage,” Wood said. “If the only thing protecting them from the bad guys is the CAPTCHA, then the rewards are often sufficient for the criminals to continue developing means to defeat them.”
