    Researchers Aim to Fortify CAPTCHA Against Spammers

    By BRIAN PRINCE - January 6, 2009

      One of the well-reported security trends of 2008 was the defeat of CAPTCHA systems for a number of Web-based e-mail services, including Yahoo and Gmail.

      With spammers increasingly finding their way around these safeguards, making the hurdles spammers have to jump just a little higher is an important security concern.

      By circumventing CAPTCHA tests, which attempt to keep out automated responses, spammers can abuse free, Web-based e-mail services to more easily send out their wares because the reputable domain being used is less likely to be blocked by a spam filter. According to an end-of-the-year report by MessageLabs, now a part of Symantec, the amount of spam coming from Webmail accounts peaked at 25 percent of all spam in September 2008 and averaged about 12 percent for the rest of the year.


      Spammers are using a variety of techniques to accomplish this. Some of their success is due to their use of “mechanical turks,” people who either directly or indirectly create accounts traded online. Other spammers, however, rely on software to crack CAPTCHA. It is in this area that CAPTCHA researchers are focused.

      Right now, Microsoft is investing in enhancements to its CAPTCHA system to make it both more readable for users and less susceptible to automated attacks. Some of the improvements include new image distortion logic, overlapping characters and dynamic monitoring to observe attacks in real time in order to make the necessary adjustments.

      Researchers at Microsoft are also at the center of two CAPTCHA-related projects. One, dubbed Asirra, asks users to identify 12 photographs as either cats or dogs. The images come from Petfinder. The other project is called Inkblot Authentication, and it works by asking the user to form semantic associations with a set of randomly generated inkblot-like images. The image associations are then used to authenticate the user.

      Neither project has a firm timeline for product development, though Asirra is currently in use in prototype form by a number of organizations.

      “It seems common for people who are not CAPTCHA researchers to think that the main challenge in designing a CAPTCHA is to find a task that is easy for humans but difficult for computers,” said John Douceur, a researcher at Microsoft. “However, this is not very challenging at all.”

      Instead, the challenge is twofold, he said. First, there must be a way of generating several unique instances of the task. Second, it must be possible for the system to easily determine whether the user answered the CAPTCHA correctly, even though the CAPTCHA is hard for computers to solve.

      In the case of Asirra, there are currently about 4 million images in the database, which contains all images that have ever been on Petfinder, not only the currently active images.

      “The current research prototype uses only half of those 4 million images, partly because we have not yet implemented all of the security features that we have designed for Asirra,” Douceur said. “If someone cracks our current version, we can implement the additional security features and switch over to the other half of the database without suffering any long-term problem.”
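The two requirements Douceur names, many unique task instances and cheap server-side grading, can be sketched for a 12-image cat-or-dog challenge as below. This is an added example, not Asirra's code or anything from Microsoft; the pool contents, the function names, the 120-second lifetime and the single-use rule are all assumptions made for illustration.

```python
import secrets
import time

# Constructed stand-in for a labelled image pool (image id -> label).
# The ids and labels are made up; a real pool would hold millions of entries.
POOL = {f"img{i:04d}": ("cat" if i % 2 else "dog") for i in range(1000)}

IMAGES_PER_CHALLENGE = 12   # the article: users classify 12 photographs
TTL_SECONDS = 120           # assumed lifetime of an unanswered challenge

_pending = {}  # challenge id -> (expected label per image id, expiry time)


def issue_challenge(pool=POOL, now=None):
    """Requirement 1: draw a fresh, random instance from the labelled pool."""
    now = time.time() if now is None else now
    image_ids = secrets.SystemRandom().sample(sorted(pool), IMAGES_PER_CHALLENGE)
    challenge_id = secrets.token_urlsafe(16)
    expected = {image_id: pool[image_id] for image_id in image_ids}
    _pending[challenge_id] = (expected, now + TTL_SECONDS)
    # Only the image ids go to the client; the labels stay on the server.
    return challenge_id, image_ids


def verify(challenge_id, answers, now=None):
    """Requirement 2: grade by lookup, without the server solving anything."""
    now = time.time() if now is None else now
    # pop() makes every challenge single use, so a failed or replayed
    # submission cannot be retried against the same 12 images.
    entry = _pending.pop(challenge_id, None)
    if entry is None:
        return False
    expected, expires = entry
    if now > expires:
        return False
    return answers == expected  # all 12 labels must match exactly


def blind_guess_rate(n=IMAGES_PER_CHALLENGE):
    """Chance that uniform random guessing labels all n images correctly."""
    return 0.5 ** n
```

Because the server only compares a submission against labels it already holds, grading cost does not depend on how hard the images are for a classifier, and a bot guessing at random passes one challenge in 4,096.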

      Another CAPTCHA approach used to thwart spammers is using animated text, such as letters and numbers that scroll.

      “The more complex CAPTCHAs are not as easily solved, but other, non-automated techniques are highly effective against them,” said Gartner analyst Andrew Walls.

      For example, there are outsourcers in various countries that market CAPTCHA-solving services, he said. On the plus side, doing so raises the cost of the attack for the spammer, therefore increasing the effectiveness of the CAPTCHA mechanism, he added.

      “These vendors have a group of employees that solve CAPTCHAs that are forwarded to them by automated means,” Walls said. “A spammer that wants to defeat CAPTCHAs can put together code that attempts to enter a protected site and have the code forward a copy of the CAPTCHA to the outsourcer for solving. The solution is returned in a few seconds, the CAPTCHA is defeated and the spammer moves ahead.”

      In the short term, MessageLabs Senior Analyst Paul Wood predicted that the majority of CAPTCHA techniques will be similar to what is common today, with some adoption of approaches such as animated text.

      “As more sites add more and more rich functionality … they become increasingly attractive to the bad guys who can exploit these tools to their advantage,” Wood said. “If the only thing protecting them from the bad guys is the CAPTCHA, then the rewards are often sufficient for the criminals to continue developing means to defeat them.”
