When it comes to security in IT, not a week goes by without a major discovery. We look at several stories that have cropped up recently to reveal the ongoing challenges involved in protecting systems and data.

Bot solves Captchas using audio

Most popular webmail services require new users to answer a Captcha challenge (typing in a string of deliberately obscured letters) before a new address is activated.

This is to stop malicious hackers and spammers from using the free service to send unauthorised content.

Spammers, in particular, have invented all sorts of ways to get around the Captchas.

Initially, they built very accurate OCR engines to solve the Captchas. Email vendors responded by making the text ever harder for OCR to read.

In fact, it's so bad now that even though I have 20/20 vision, I often struggle to figure out which letter I should be typing in.

To accommodate visually impaired users, vendors now also offer an audio clip of the Captcha characters that need to be typed in.

In response, a new piece of malware has emerged. According to The Register, and confirmed by several antivirus companies, a new spam bot has built-in capabilities to listen to the audio files and simulate typing in the answer.

The bot is apparently quite accurate - a point goes to the spammers.

This approach is now my 'favourite' Captcha-bypassing technique. Before, it was spammers hiring people (often in third-world countries) to bypass the Captchas all day long.

Convicted hacker gets to keep most of what he stole

In a disappointing development, judges continue to hand out astonishingly light sentences to cyber criminals.

While I'll admit I don't know all the facts in this popular case, it seems to me that a key player - who wrote the exploit code for one of the world's biggest hacks - got away with just a delicate slap on the wrist.

Twenty-nine-year-old Jeremy Jethro received $60,000 (£39,600) for writing exploit code that he supplied to Albert Gonzalez. As punishment for his crime, Jethro got three years' probation and a $10,000 (£6,600) fine.

Gonzalez is probably the best-known American hacker since Kevin Mitnick.

He has been charged with multiple crimes, including stealing 90 million credit card numbers and other data from at least half a dozen of the biggest retailers in the world. And that is only what the authorities know about.

Jethro has, of course, found religion after being caught. That's all great. What I don't understand is why he doesn't even have to pay back the entire $60,000, not to mention the prosecution and court costs that it took to sentence him.

Help rob a physical bank or store and you can be assured you'll spend time in prison and have to pay back all of your ill-gotten gains. Why don't the same rules apply in cyberspace?

NEXT PAGE: US setting sights on countries harbouring cyber criminals
