[jaws-uk] Re: Web site security

  • From: Léonie Watson <tink@xxxxxxxxxx>
  • To: <jaws-uk@xxxxxxxxxxxxx>
  • Date: Sun, 15 Jun 2008 20:00:32 +0100

Evening,

        CAPTCHA is a security technique increasingly used by websites to
prevent people wishing to open accounts for the purpose of causing problems
and damage on the Internet. People who work in the spam business will
attempt to write programmes that will automatically run through the sign up
process for an account many times, very quickly.

        The aim is to create thousands of false accounts, particularly with
websites such as Hotmail, Yahoo and Google. When the accounts have been
created, they're used once only to send out hundreds of thousands of spam
emails to the likes of you and me. Because the accounts are only used once,
it effectively renders the spammers untraceable and makes it worthless
trying to block the spammer's address within your email programme.

        The CAPTCHA technique asks users to identify a series of characters
in an image. The characters are visually distorted, to prevent the spammers
from using OCR technology within their automated sign up programmes.

        Some websites, such as PayPal, offer an Audio-CAPTCHA alternative,
which offers access to the same characters via an audio file. The audio is
also distorted, to prevent spammers from using speech recognition tools
within their automated sign up programmes.

        Tools like CAPTCHA Killer will be effective up to a point, but are
not a long term solution. Any CAPTCHA that the CAPTCHA Killer can
successfully complete will also be successfully completed by the spammers.
It's just another automated tool, probably just a lot less sophisticated
than the tools used by the spammers.

        The debate over whether CAPTCHA is an effective security technique
has been going on for a while now. Similarly, the concern for accessibility
has also been raised.

        The trouble is that at present, there is no viable alternative
that's in a position to replace CAPTCHA. There are other theories out there,
but none have the widespread application that CAPTCHA does. It is also
possible that there is not a clear case under the DDA, due to the
"reasonable effort" phraseology which would make it plausible to argue that
the security of the many means it would not be reasonable to remove the
CAPTCHA, providing any kind of accessible alternative were provided, such as
an email address.

        It's a difficult issue, certainly a contentious one. I thought the
above round up would help people understand more about the technology.

Regards,
Léonie.
-- 
http://www.tink.co.uk/
 

  


