
Analysis: a week in IT security

The challenge of protecting systems and data

When it comes to security in IT, not a week goes by without a major discovery. We look at several stories that have cropped up recently to reveal the ongoing challenges involved in protecting systems and data.

Bot solves Captchas using audio

Most popular webmail sites require new users to answer a Captcha challenge (which requires typing in obscured letters to validate) to activate a new address.

This is to stop malicious hackers and spammers from using the free service to send unauthorised content.

Spammers, in particular, have invented all sorts of ways to get around the Captchas.

Initially, they built very accurate OCR engines to answer the Captchas. Email vendors responded by making the text ever more difficult for OCR to identify.

In fact, it's so bad now that even though I have 20/20 vision, I often struggle to figure out which letter I should be typing in.

To meet the needs of the visually impaired, vendors now allow users to listen to an audio clip of the Captcha characters they need to retype.

In response, a new malware creation has emerged. According to The Register and confirmed by several antivirus companies, a new spam bot has built-in capabilities to listen to the audio files and simulate typing in the answer.

The bot is apparently quite accurate - a point goes to the spammers.

This approach is now my 'favourite' Captcha-bypassing technique. Before, it was spammers hiring people (often in third-world countries) to bypass the Captchas all day long.

Convicted hacker gets to keep most of what he stole

In a disappointing development, judges continue to hand out astoundingly insignificant punishments to cyber criminals.

While I'll admit I don't know all the facts in this popular case, it seems to me that a key player - who wrote the exploit code for one of the world's biggest hacks - got away with just a delicate slap on the wrist.

Twenty-nine-year-old Jeremy Jethro received $60,000 (£39,600) for writing exploit code that he gave to Albert Gonzalez.
As punishment for his crime, Jethro got three years' probation and a $10,000 (£6,600) fine.

Gonzalez is probably the most popular and well-known American hacker since Kevin Mitnick.

He has been charged with multiple crimes, including stealing 90 million credit card numbers and information from at least half a dozen of the biggest stores in the world. That's only what the authorities know about.

Jethro has, of course, found religion after being caught. That's all great. What I don't understand is why he doesn't even have to pay back the entire $60,000, not to mention the prosecution and court costs that it took to sentence him.

Help rob a physical bank or store and you can be assured you'll spend time in prison and have to pay back all of your ill-gotten gains. Why don't the same rules apply in cyber space?
