Lost+Found: Cracked CAPTCHAs and lost ISS codes
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. Today: cracking video CAPTCHAs, control codes for the International Space Station, a new version of the Network Security Toolkit and live chat banking malware.
- Security researchers at the Stanford University Security Lab who previously cracked audio- and text-based CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanisms have now cracked video CAPTCHAs. According to team member Elie Bursztein, the researchers were able to break the current version of NuCaptcha with a more than 90 per cent success rate. In a post on his blog, Bursztein discusses how they were able to bypass the anti-spam tests, as well as some proposed solutions to fix them.
- Unencrypted command codes used to control the International Space Station (ISS) were on a laptop stolen from NASA in March 2011, according to recently released written testimony by NASA Inspector General Paul K. Martin. Other lost or stolen notebooks and mobile devices – 48 in total between April 2009 and April 2011 – contained employee Social Security numbers and sensitive data on NASA's Constellation and Orion programs. Martin also noted that, while a 2010 report showed that the Government-wide encryption rate of these types of devices was 54% in 2010, as of 1 February 2012 only one per cent of NASA's portable devices had been encrypted.
- Version 2.16.0 of the Network Security Toolkit (NST) has been released with several new features and major improvements to the Network Interface Bandwidth Monitor application. Based on Fedora 16, the distribution uses the 3.2.7 Linux kernel, and includes a new web user interface ARP Scan AJAX application for locating hosts on a network; with it, users can also perform security auditing on each discovered host. NST 2.16.0 is available to download from SourceForge.