Communications of the ACM
Captcha-Busting Villains Branch Out From Spam Into Id Theft
Credit: www.geekamongus.com
A recent Imperva study found that cybercriminals are using Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHA) circumvention techniques in attacks to harvest financial and other personal data.
Hackers use computer-assisted tools based on optical character recognition or machine-learning technologies, as well as tools that outsource CAPTCHA-breaking to vast communes of hackers. Cybercriminals also trick naive users into being a part of the crowdsourcing effort for CAPTCHA solutions by rewarding them for helping to break codes.
Imperva says this latest hacker threat puts the onus back on CAPTCHA providers to make life more difficult for these hackers. Approaches such as traffic-based automation detection, behavioral analysis, content analysis, and blacklists can help distinguish suspicious parties from genuine surfers. "CAPTCHA security must be balanced against a positive user experience, but can readily be improved by deploying anti-automation solutions to help prevent hackers from employing anti-CAPTCHA tools," says Imperva CEO Amichai Shulman.
From The Register (UK)
View Full Article
Abstracts Copyright © 2012 Information Inc. 
, Bethesda, Maryland, USA
No entries found