IGEL extends UK distribution with Arrow appointme... » Reading, UK: IGEL Technology has appointed Arrow Electronics Inc. as a distributor in the UK. The ap... Parliament receives troop rotation details for fi... » The troop rotation arrangements outlining the tour lengths for deployed UK personnel between now and... Lancope joins Cloud Security Alliance to help prot... » LONDON (UK): Lancope, Inc., a leader in network visibility and security intelligence, has joined the... Why Hosters Should Care About Web Security » Last week, the “Moroccan Ghosts” published a list of 52 defaced Israeli sites, replacing site conten... AhnLab sets aggressive business growth targets in... » LONDON, UK: AhnLab, a leader in advanced internet security protection for businesses, today announce... Unified Security Management provider included i... » San Mateo, Calif.: AlienVault, the leading Unified Security Management provider committed to making ... Prolexic issues recommendations for validating DDo... » HOLLYWOOD, FL: Prolexic, the global leader in Distributed Denial of Service (DDoS) protection servi... Hitachi TrueNorth Partners have a complete solutio... » LONDON (UK): Varonis Systems Inc., the leading provider of comprehensive data governance software, t... Barracuda web application firewall enhances protec... » Basingstoke: Barracuda Networks Inc, a leading provider of security and storage solutions, has annou... ProRail chooses NICE Situator for security, safety... » NICE is partnering with Geodan to deploy an integrated security solution for improved incident respo...

Sub Menu

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

Imperva’s report highlights CAPTCHA security concerns

Print PDF

Written by DARSHNA KAMANI | 19 June 2012

Anti-automation solutions help prevent computer-assisted tools and crowd sourcing from bypassing anti-spam services

Redwood Shores, Calif.: Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today released its June Hacker Intelligence report, “A CAPTCHA in the Rye,” which examines CAPTCHA security concerns. Computer-assisted tools and crowd sourcing can easily bypass traditional anti-spam solutions, forcing CAPTCHAs to evolve to address these techniques.

A CAPTCHA, or a Completely Automated Public Turing test to tell Computers and Humans Apart, is a common security measure used to distinguish human users from automated browsing applications, helping to prevent automated tools from abusing online services. Hackers have developed numerous methods to bypass CAPTCHAs, such as computer-assisted tools and crowd sourcing, forcing CAPTCHA providers to constantly monitor and innovate their services.

“CAPTCHA security, like many other security segments, is a battle of innovation between hackers and security professionals,” said Amichai Shulman, CTO, Imperva. “CAPTCHA security must be balanced against a positive user experience, but can readily be improved by deploying anti-automation solutions to help prevent hackers from employing anti-CAPTCHA tools.”

“A CAPTCHA in the Rye” provides contextual analysis and real-world case studies focused on CAPTCHA solutions, including:

Methods for Bypassing CAPTCHA – Imperva highlights two main approaches hackers take to solve CAPTCHAs: Computer-assisted tools based on Optical Character Recognition or Machine Learning technologies and crowdsourcing CAPTCHA solving to third-party agents.

Emerging CAPTCHA Technology – Novel approaches to CAPTCHA implementation include delivering more difficult CAPTCHAs to suspicious users, integrating simple riddles and contextual semantics, all of which are more difficult for automated tools to solve.

Lessons Learned from Real World Deployments – Imperva analyzed a series of case studies focused on bypassing CAPTCHAs to identify common trends, such as incomplete browser headers and high rate requests per minute.

Imperva advises anti-automation solutions to bolster CAPTCHA defenses with traffic-based automation detection, behavioral analysis, content analysis and blacklists.

< Prev   Next >

Add comment


Security code
Refresh