Archive for August 31, 2010

CAPTCHAs Broken

Mims Bits on MIT’s Technology Review reports that researchers from UC San Diego have figured out how spammers use low-cost workers in Russia, Southeast Asia, and China to solve millions of CAPTCHAs in near real-time.

A CAPTCHA is that bit of distorted text you have to type back at a webpage when you’re trying to sign up for a new email account or leave a comment on a blog. In order to prevent spammers from flooding the web with their malware, researchers developed CAPTCHAs. CAPTCHAs are designed to be easy for humans to solve but hard enough for computers to get right that automated systems would not be effective.

In what Mims calls an epic new analysis by the UC San Diego researchers, they uncovered the “seedy underbelly” of a sophisticated, highly automated, world-wide network of services that help spammers get past the CAPTCHAs. The article says that the inventors of CAPTCHA probably didn’t expect that thousands of laborers working for less than $50 a month would be recruited by spammers to solve an endless stream of CAPTCHAs. Automated middlemen deliver the CAPTCHAs to the workers and then sell the results to spammers in real-time, so that their spam bots can use those solutions to post to blogs and set up fraudulent email accounts, according to a paper (PDF) delivered at the USENIX Security 10 Symposium.

The UC San Diego researchers analyzed where the workers involved in this scheme were located and found that they are based in India, Russia, Southeast Asia and China. The system is so efficient at delivering CAPTCHAs to workers in these remote locales that the average time for delivery of a solution hovers around 20 seconds. ImageToText, one of the CAPTCHA services the researchers experimented with, was able to deliver correct results in “a remarkable range of languages,” including Dutch, Korean, Vietnamese, Greek and Arabic.

Even setting the sample CAPTCHAs to Klingon, as a control in their experiment, could not stop ImageToText, according to Technology Review. The workers managed to solve a handful of the Klingon CAPTCHAs despite odds of less than one in one thousand of their randomly getting the right answer.

The results of this landmark study, says Mims, show that a number of sites, including those run by Microsoft (MSFT), AOL, Google (GOOG) and the widely used reCAPTCHA, are regularly compromised by spammers employing these services. The researchers conclude that their investigation with an anonymous “Mr. E,” who actually runs one of these services, proves that for advanced spammers, CAPTCHAs aren’t so much a barrier as a cost of doing business.

DarkReading has a report that independent security researcher Chad Houck recently demonstrated his work on solving Google’s (NASDAQ: GOOG) reCAPTCHA. reCAPTCHA was designed to stop software bots’ attempts to create free accounts on the Google services for their malware ways. Despite recent enhancements made by Google, DarkReading says Houck came up with algorithms that could beat reCAPTCHA 30 percent of the time.

A 30% success rate means that automated software using Mr. Houck’s algorithm will be able to create one Google account out of just three attempts. Multiply those odds by the endless attempts of tens of thousands of zombies in a typical botnet, and reCAPTCHA is broken.

In the DarkReading article, Houck notes that “[ReCAPTCHA] has never been wholly secure. There are always ways to crack it.” The researcher has since published a white paper on it, and has also released his algorithms online. For now at least, a Google spokesperson says there has not been any sign of this particular attack being actively used.

New School Year Same Security Threats

Another school year is starting up and security firm WatchGuard has a list of the top threats to school IT systems as classes start up again. Eric Aarrestad, Vice President at privately held WatchGuard Technologies, says, “With so much at risk and so much to gain by cybercriminals, today’s campus is one of the most dangerous IT environments around.” He continues, “Unlike enterprise organizations that can throw substantial resources towards network and data protection, schools and universities are more constrained, yet they face some of the most demanding security challenges due to the dynamic interaction between students and their school’s IT resources.”

WatchGuard’s top threats include:

Social Networks: The security firm calls social networks, such as Facebook and MySpace, the number one threat to school and university networks. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing and more. Adding to this, socially engineered attacks are often extremely successful due to the “trusted” environment that social networks create.

Malware: As students and teachers use the web for education purposes, the Seattle-based company says many unwittingly expose themselves to drive-by downloads or corrupted websites, which inject malicious forms of software on their computers. Once infected, they risk becoming victims of identity theft or loss of personal information via spyware and keyloggers.

Viruses: Today, email remains one of the primary ways for delivering viruses. According to the release, recent surveys suggest that 27 percent of users fail to keep their antivirus signatures up to date, which may, in any case, be unable to stop the new generation of viruses with polymorphic properties.

Botnets: The privately held security firm estimates that 15 to 20 percent of all school and university computers connected to the Internet may be part of a botnet. As part of a botnet, school and university systems may be used in a variety of unknown exploits, including spam delivery, denial of service attacks, click-fraud, identity theft and more.

Phishing: Phishing scams continue to get more sophisticated and selective, with students being specifically targeted. WatchGuard claims that phishing attacks via social networks achieve a success rate of over 70 percent.

Hacking: In a recent survey of education IT professionals, 23 percent ranked student hackers as one of their greatest threats to network security.

Access Control: Usage of mobile devices and wireless access to education IT resources continues to plague network administrators. As use of mobile devices escalates, schools will face increasing challenges in managing authorized network access, according to the security vendor.

WatchGuard Technologies provides a variety of Internet security software and hardware products, including firewalls, virtual private network (VPN) appliances, and anti-virus applications under the XTM, XCS, and e-Series brands.

Acer Beats Dell

I recently wrote about the troubles at Dell. Here is more proof of the downturn at Dell. BusinessInsider is reporting that Acer (LSE: ACID), the Taiwanese computer maker, has posted another solid quarter of global PC sales, according to new data from Gartner.

The Asian and emerging markets drove Acer’s growth. It has also successfully ridden the explosion in netbook demand. The netbook market is drying up now, though, thanks to Apple’s iPad. This could give Dell an opening, if it can execute well (a big if lately) and Taiwan-based Acer has problems cracking the mainland China market.

80% of US Job Seekers Won’t Get Jobs Soon

The U.S. Labor Department recently reported that the unemployment rate held steady at 9.5%. The analysts at Chart of the Day crunched some numbers and it looks like the U.S. is not out of the economic woods yet. According to Chart of the Day, assuming that the depression, economic uncertainty, recession ended in June 2009, the current unemployment rate is exactly where it was at the end of the recession (9.5%). To offer some perspective on the current state of the labor market, their chart illustrates the amount of time it took for the unemployment rate to ultimately dip below (and stay below) its recession-end level for each recession since the late 1940s.

For example, at the end of the recession that ended in November 1982, the unemployment rate stood at 10.8%. As the chart illustrates, it took two months for the unemployment rate to drop below (and stay below) the recession-end level of 10.8%.

The Economic Policy Institute (EPI) pointed out last March that to absorb the nearly 15 million officially unemployed workers in this country, plus the roughly 2.6 million “marginally attached” workers (jobless workers who want a job but have given up actively seeking work and are not counted as officially unemployed), job openings and hiring must rebound dramatically.

The latest EPI numbers say that for every job filled, there are still 5 people who cannot find a job. In this environment of constant right-sizing, resource actions, mass-hiring, firms are stock-piling cash and not making things. The cash stock-piles are huge. The BusinessInsider has this graphic which says it all in my opinion.

Bloomberg reported in February that a majority of companies in the Standard & Poor’s 500 stock index increased cash to a combined $1.18 trillion while simultaneously reducing spending, keeping a jobs recovery on hold. Bloomberg reports that firms such as:

  • Caterpillar Inc.
  • Eaton Corp.
  • Walgreen Co.
  • General Electric Co.

are among 256 companies that ended last quarter with billions more cash than a year earlier after cutting capital spending by 43 percent. Bloomberg economists say the dearth of investment is keeping the jobless rate at about 10 percent.

According to a Washington Post article, non-financial companies are sitting on $1.8 trillion in cash, roughly one-quarter more than at the beginning of the recession. The Post cites a survey of more than 1,000 chief financial officers by Duke University and CFO magazine showing that nearly 60 percent of those executives don’t expect to bring their employment back to pre-recession levels until 2012 or later, even though they’re projecting a 12 percent rise in earnings and a 9 percent boost in capital spending over the next year.

It is noteworthy that, over the past two decades, it has taken much longer (on average) for the unemployment rate to drop below its recession-end level. The reasons for this increased time for the unemployment rate to turn around vary. One explanation that Chart of the Day offers is that following World War II, the US found itself in a strong/dominant economic position. It took time, but eventually many of the remaining world economies began to recover and we are now witnessing increased competition as a result of the rise of the rest.

Whether it is globalization or corporate greed, the lack of jobs in the U.S. means 80% of job seekers are out of luck. “The 5-to-1 ratio means that there is literally only one job opening for every five unemployed workers. That is, for every four out of five unemployed workers there simply are no jobs,” explains EPI economist Heidi Shierholz.

MTC Coming to Michigan

Microsoft Corporation (NASDAQ: MSFT) will expand its Michigan operations by creating a business consulting center in Southfield, MI. Crains reports that the Redmond, WA-based software company will be creating a Microsoft Technology Center, one of nine in the country, in the Southfield Town Center. Microsoft has used the concept in other markets to help businesses use its products to solve problems, but also as a way for the companies to help each other, Drew Costakis, director of the Southfield technology center, told Crains.

“Our new Technology Center is another expression of Microsoft’s longstanding commitment to the Detroit community, and we believe it will become a valuable resource for metro Detroit businesses,” said Mr. Costakis. “Because of its central location in southeast Michigan, the new facility is in an ideal location for customers throughout the region, enabling them to take advantage of all our technology offerings closer to home,” Mr. Costakis told the Oakland Press.

“We can do things at the high level to envision what to do with our software, we can collaborate on product designs, or even how to work from home,” he said. “At the same time, we have a large partner ecosystem with companies such as HP, EDS and Siemens. We can help our customers make connections as well.” Costakis explains, “In Chicago, for example, where we’ve been there for a long time, it’s constantly booked.” Microsoft said its lease of the space began Aug. 1, and the opening of the Microsoft Technology Center is planned for late fall.

Currently, there are eight Microsoft Technology Centers in the U.S.:

  • Atlanta
  • Boston
  • Chicago
  • Dallas
  • Irvine, CA
  • New York
  • Reston, VA
  • Silicon Valley

Costakis would not comment on how many employees might be added for the expansion. Microsoft has 200 employees in Southfield and now occupies approx. 40,000 square feet in the 1000 building of the Southfield Town Center office complex. The MTC will occupy space next to Microsoft’s existing Southfield office on the 19th floor of 1000 Town Center Drive and occupy an extra 17,000 square feet. Microsoft has been a tenant of Southfield Town Center for 19 years.

Mr. Costakis, a former automotive engineer, said it would be ideal to have a relationship with Lawrence Technological University across the Lodge Freeway.
