Security Web Digest: Spam Blocking Technique Frustrates The Blind

Challenge-Response whitelist systems make email inaccessible to the visually-impaired. Legal experts warn of ADA lawsuits. Web application security market booming NetScreen firewall/VPN integrates IPv6 support Adobe Systems


An increasingly popular technique for preventing e-mail abuse is frustrating some visually impaired Net users, setting the stage for a conflict between spam busters and advocates for the disabled. Many companies have recently begun requiring users to pass a verification test in order to access their services -- typically by typing into a Web form a few characters that appear on the form in a guise that prevents a computer or software robot from recognizing and copying them. The technique, now used by Web giants Yahoo, Microsoft, VeriSign and others, seeks to block software bots from signing up for Web-based e-mail accounts that can be used to launch spam and from scraping e-mail addresses from online databases. The scheme increasingly hindering the progress of Web surfers with visual disabilities -- raising the ire of advocates for the blind, spurring plans for alternatives from a key Web standards group and eliciting warnings from legal experts who say that the practice could expose companies to lawsuits brought under the Americans with Disabilities Act.


Market demand for Web application security products will approach $2 billion by 2007, according to a Yankee Group study released Monday. With a 100 percent growth rate this year, the sectors expansion occurs as the widening embrace of Web-based services by both enterprise and government organizations is matched by growing awareness of the large differences in security challenges between the open-architecture Web and hardened closed networks, said Yankee Group security software analyst Eric Ogren. "Corporate networks that once were shielded by a security perimeter are now exposed to the world of Internet users," Ogren said in a statement accompanying the reports release. "The architectural changes are a direct contrast to the hard-perimeter techniques that dominated security in the 1990s."

NetScreen on Monday announced the availability of a NetScreen ScreenOS technology release for its integrated firewall and VPN security solutions that demonstrates IPv6 support. This technology release can help service providers and enterprises define and validate their IPv6 security architectures and drive IPv6 network deployment plans with the confidence that their critical network resources can be protected, the company said in a statement. NetScreen anticipates the introduction of a NetScreen ScreenOS version that includes more advanced IPv6 features for pilot production deployments in the first half of 2004 and availability of a full-featured IPv6 compatible version of ScreenOS for production environments in the second half of 2004.


Adobe Systems has begun testing online activation of its Photoshop 7.0 application in Australia as a way of stemming the illegal use of its software. If the pilot is successful, and so far it is, the developer plans to begin using software activation in the United States later this year or early next, beginning with Photoshop and then expanding to other apps. Drew McManus, director of Adobes anti-piracy efforts, says activation will require that customers who buy shrink-wrapped software -- mainly consumers and small businesses -- provide a serial number thats checked against its database, a process that takes 20 seconds or less. If the serial number is deemed legitimate, the encrypted application gets unlocked.


Neoteris Inc. on Monday announced a family of appliances to help companies provide secure online meetings. Neoteris Meeting Series will debut late this month as a software upgrade to the Neoteris Instant Virtual Extranet (IVE) Access Series product line and will appear as a stand-alone appliance late this year, Neoteris officials said. It will be the first appliance to apply Secure Sockets Layer (SSL) virtual private network (VPN) technology to online meetings, said Dave Kosiur, an analyst at Burton Group in Midvale, Utah.


Users hoping for a sneaky peek at some candid shots of Hollywood star Julia Roberts in compromising positions are facing disappointment -- the email attachment turns out to be a computer virus. Curious smut-seekers are in danger of infecting their machines with the mass-mailing worm MyLife.M, which purports to be a screen saver featuring the Notting Hill star. As with other mass mailers the email attachment, when activated, searches out email addresses on the infected machine and forwards itself on to all names in the affected users address book. Worse still, if the time is between 50 and 59 minutes past the hour, upon activation, it will also attempt to delete files from the machines hard drive, according to antivirus firm Sophos. Anna Kournikova, Jennifer Lopez, Catherine Zeta Jones and Colombian singer Shakira have all be given the dubious honor of having a virus named after them.