Cryptography


Google + reCAPTCHA Could Raise Bar in Anti-Bot, Anti-Spam Fight

Locked in a cat-and-mouse game with spammers who use bots to defeat anti-fraud mechanisms and create fake accounts, Google today announced a deal to acquire reCAPTCHA, a company that provides those squiggly words at login screens.
The ReCAPTCHA deal isn’t exactly a security transaction.  Strategically, it gives Google an excellent crowd-sourcing tool to beef up its already impressive machine-vision algorithms (think book-scanning and maps) but, in the long run, the ability to use CAPTCHAs that are near-impossible for bots to decipher allows Google to raise the bar significantly in the fight against bots and spam.

New WiFi Attack Cracks WPA–Again

A pair of Japanese researchers have developed an improvement on an existing technique for attacking wireless LAN traffic that enables them to intercept and decrypt encrypted packets in about a minute, significantly lowering the barrier to entry for attackers looking to listen in on supposedly private connections.


This Google Tech Talk features researcher Nate Lawson discussing recent vulnerabilities in crypto libraries, why public key cryptography is like a Ford Pinto in a demolition derby and the password-hashing mess created by Web 2.0 sites.

Dennis Fisher talks with researcher Moxie Marlinspike about the innovative research on attacking the inherent weaknesses in the SSL infrastructure that he presented at Black Hat, and the tools he has released to demonstrate the attacks, SSLSniff and SSLStrip.

The cryptographic underpinnings of the Internet are beginning to show some serious wear, and the outlook for better days ahead is not particularly rosy. In just the last week there has been news of major new attacks on perhaps the two most widely used encryption technologies: SSL and AES. We’ve heard talk of cracks in both protocols before, but this time, even the most conservative observers are worried.

From Network World (Michael Cooney)
Researchers at IBM have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data.
According to IBM the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage and allow the sharing of data while safeguarding sensitive business data. Read the full story [Network World].

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.