Reg Smart Software Cracks Sound-based CAPTCHA Security May 2011 Jacob Aron, technology reporter Efforts to make the web more accessible have unwittingly made it less secure, according to computer scientists who have developed software to crack the audio CAPTCHAs used by websites as part of their sign-up process. You're probably familiar with traditional CAPTCHAs, the obscured words used to verify that a new user is a person rather than a bot, but the image-based security measure is difficult for visually impaired people to use. To help such users websites also offer audio CAPTCHAs, in which a computerized voice reads out letters or digits distorted by noise, but their security hadn't been as extensively studied as the visual versions. Now, researchers have used software called Decaptcha to crack commercial audio CAPTCHAs used by eBay, Microsoft, Yahoo and others, with success rates from 41 to 89 per cent. The system known as reCAPTCHA - developed by the original inventors of the CAPTCHA and now owned by Google - was more resilient to attack, with only 1.5 per cent of CAPTCHAs broken. Even such a low success rate renders audio CAPTCHAs useless, as an attacker in control of a large botnet of infected computers can easily afford to make 100 attempts for every successfully created account. Decaptcha uses a number of audio-processing techniques to remove noise and identify the individual digits in an audio CAPTCHA. The software has to be trained for 20 minutes on each type of CAPTCHA and can then solve tens of CAPTCHAs per minute on an ordinary desktop computer. The researchers say their techniques leave most modern audio CAPTCHAs unusable, and alternatives must be developed. Decaptcha struggles only with CAPTCHAs that include semantic noise, which are sounds that share characteristics with spoken digits such as music or vocal tracks. For example, reCAPTCHA uses background conversations to obscure the digits, making it hard for the software to pick them out. Humans can also find these CAPTCHAs difficult to understand, however, which means reCAPTCHA has a high failure rate. The researchers suggest using music rather than vocal tracks could create CAPTCHAs that are still hard for Decaptcha but easier for humans, because we can tune in to the correct sounds. They presented their work yesterday at the IEEE Symposium on Security and Privacy in Oakland, California. http://www.newscientist.com/blogs/onepercent/2011/05/audio-captchas-cracked.html ----- Ticketmaster Makes Website Fully Accessible and Fan-Friendly to Blind Users SOURCE Live Nation Entertainment BALTIMORE, April 26, 2011 /PRNewswire The National Federation of the Blind (NFB), the nation's leading advocate for Internet access by blind Americans, today announced a cooperative agreement with Ticketmaster, the global event ticketing leader and one of the world's top five eCommerce sites, to make its website fully accessible to the blind. Under the agreement, Ticketmaster will make its website (www.ticketmaster.com) fully accessible to blind users utilizing screen access technology by December. Screen access technology converts what is on the computer screen into synthesized speech or Braille. Dr. Marc Maurer, President of the National Federation of the Blind, said: "An increasing number of goods and services are now offered primarily over the Internet and Ticketmaster's extremely popular ticket sales website is a prime example of this trend. Ticketmaster customers gain many of the company's valuable benefits and services, including access to special pre-sales and promotions, through its website. The National Federation of the Blind is pleased that Ticketmaster has recognized the importance of providing equal access to its website for its blind customers, and we look forward to working with the company to achieve that goal. The National Federation of the Blind will continue to work tirelessly until the blind have equal access to the full range of products and services available to the public through the Internet and other information technologies." "For Ticketmaster, the future is all about the fans. We want to participate wherever and however so that fans can have the best possible fan-friendly experience," said Nathan Hubbard, CEO of Ticketmaster. "Partnering with the National Federation of the Blind is enabling us to address the needs of our blind fans, so that they can have the same positive experience when purchasing tickets for their favorite artists' performance or any live event. We are committed to working with NFB to enhance the Ticketmaster website so that it's accessible and usable by all of our fans out there." Pursuant to the agreement, Ticketmaster will develop a comprehensive accessibility program that will include the development of an accessibility guidelines manual, as well as the appointment of both an accessibility coordinator and an accessibility committee. Additionally, Ticketmaster will continue to work with officials of the National Federation of the Blind to ensure that the Ticketmaster services remain accessible to the blind. Ticketmaster will submit its website to the NFB Nonvisual Accessibility (NFB-NVA) Web Certification program, a rigorous procedure by which websites and applications that have made efforts to be accessible to the blind can be identified and recognized. The NFB-NVA Web Certification program continuously monitors participating sites to ensure that they remain compliant with certification criteria. If a site remains accessible, its certification is renewed on an annual or a version basis. If accessibility issues arise, the National Federation of the Blind will work with the site developers to remedy them. ----- Reginald George Adaptive Technology Specialist Kansas City Missouri 816-200-1064 adapt@xxxxxxxxx To subscribe or to leave the list, or to set other subscription options, go to www.freelists.org/list/real-eyes