Wednesday, July 21, 2010

What is CAPTCHA?

CAPTCHA or Captcha (pronounced as cap-ch-uh), which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer. In simple words, CAPTCHA is the word verification test that you will come across at the end of a sign-up form while signing up for a Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.


Almost every Internet user encounters CAPTCHAs in their daily Internet usage, but only a few are aware of what they are and why they are used. So in this post you will find detailed information on how CAPTCHA works and why it is used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCHA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example, while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any automated software or computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straightforward for any human to answer but almost impossible for a computer to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

For many, the CAPTCHA may seem silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated software to generate a huge quantity of requests, thereby causing a high load on the target server, which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However, during each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Open USB Drives but be notified by an Email and a Log File VB Script

HKEY_LOCAL_MACHINE = &H80000002

strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","My-Computer")

On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
WScript.Echo "Computer Name Does Not Exist"
Wscript.Quit
End If

dim objNetwork
Dim fso
Dim CurrentDate
Dim LogFile
CurrentDate = Now
Set objNetwork = WScript.CreateObject("WScript.Network")
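Set fso = CreateObject("Scripting.FileSystemObject")
' Folder that receives ChangeLog.log: the directory this script is stored in
BinPath = fso.GetParentFolderName(WScript.ScriptFullName) & "\"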
strUser = objNetwork.UserDomain

Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"

objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath

ValueName = "WriteProtect"

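' WriteProtect = 0 leaves removable storage writable; 1 makes it read only
DwordValue = 0

objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue

' Read the value back from the target so the checks below report the actual registry state
DwordValue = Null
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue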

If IsNull(DwordValue) Then

Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue

Elseif DwordValue=0 then

Wscript.Echo "The USB Key for computer " & strComputer & " is: Open and Not Read Only! - ", DwordValue
Set LogFile = fso.OpenTextFile(BinPath & "ChangeLog.log",8,true,0)
LogFile.WriteBlankLines 1
LogFile.WriteLine("================================================================================")
LogFile.WriteLine("USB Access changed to OPEN" & " By User " & objNetwork.UserName )
LogFile.WriteLine(Now & " - The Registry Key for " & strComputer & " is open.")
LogFile.WriteLine("================================================================================")
LogFile.WriteBlankLines 1
LogFile.Close

' ------ NOTIFY OF USB KEY CHANGE ACCESS ------
strFrom = "usbaccess@yourdomain.com.au"
strTo = "it@yourcompany.com.au"
strSub = "USB Access changed to OPEN" & " By User " & objNetwork.UserName
strBody = "USB Access changed to OPEN" & " By User " & objNetwork.UserName & " on " & Now & " - The Registry Key for " & strComputer & " is now open."
strSMTP = "YOUR-INTERNAL-SMTP-SERVER"
' ------ END CONFIGURATION ---------
set objEmail = CreateObject("CDO.Message")
objEmail.From = strFrom
objEmail.To = strTo
objEmail.Subject = strSub
objEmail.Textbody = strBody
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTP
objEmail.Configuration.Fields.Update
objEmail.Send

else

Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue

End if

If Msgbox("Do you want to reboot machine now for the change to take effect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
strComputer & "\root\cimv2")

Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

For Each objOS in colOS
objOS.Reboot()
Next

End If

Locking down USB Drives to Read Only VB Script

HKEY_LOCAL_MACHINE = &H80000002

Err.Clear
' On Error Resume Next

strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","IT-0")

' Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
' If Err.Number Then
' Wscript.Quit
' End If

On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
WScript.Echo "Computer Name Does Not Exist"
Wscript.Quit
End If

if strcomputer = "" then

Wscript.Quit

End if

Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"

objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath

ValueName = "WriteProtect"

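' WriteProtect = 1 makes removable storage read only; 0 leaves it writable
DwordValue = 1

objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue

' Read the value back from the target so the checks below report the actual registry state
DwordValue = Null
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue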

If IsNull(DwordValue) Then

Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue

Elseif DwordValue=0 then

Wscript.Echo "The USB Key for computer " & strComputer & " is now OPEN: Not Read Only! - ", DwordValue

else

Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue

End If

If Msgbox("Do you want to reboot machine now for the change to take effect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
strComputer & "\root\cimv2")

Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

For Each objOS in colOS
objOS.Reboot()
Next

End If
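
A read-only audit to go with the two scripts above, added here as an example and not part of the original post: it queries the same WriteProtect value on a list of computers and reports the state without changing anything. The host names in arrComputers and the function name DescribePolicy are placeholders chosen for this example.

```vbscript
Option Explicit

Const HKEY_LOCAL_MACHINE = &H80000002
Const KEY_PATH = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
Const VALUE_NAME = "WriteProtect"

Dim arrComputers, strComputer

' Placeholder host names for this example; replace with your own inventory
arrComputers = Array("IT-01", "IT-02", "IT-03")

For Each strComputer In arrComputers
    WScript.Echo Now & " " & strComputer & ": " & DescribePolicy(strComputer)
Next

' Returns a one-line description of the USB write-protect policy on one computer
Function DescribePolicy(strHost)
    Dim objReg, intRet, dwValue

    ' Connect to the remote registry provider; report failure instead of aborting the run
    On Error Resume Next
    Set objReg = GetObject("winmgmts:\\" & strHost & "\root\default:StdRegProv")
    If Err.Number <> 0 Then
        DescribePolicy = "UNREACHABLE (error " & Hex(Err.Number) & ")"
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    ' GetDWORDValue returns 0 on success and leaves dwValue Null if the value is absent
    dwValue = Null
    intRet = objReg.GetDWORDValue(HKEY_LOCAL_MACHINE, KEY_PATH, VALUE_NAME, dwValue)

    If intRet <> 0 Or IsNull(dwValue) Then
        DescribePolicy = "NOT SET or unreadable (return code " & intRet & ")"
    ElseIf dwValue = 1 Then
        DescribePolicy = "READ ONLY (WriteProtect = 1)"
    Else
        DescribePolicy = "OPEN (WriteProtect = " & dwValue & ")"
    End If
End Function
```

Run it with cscript.exe so each result prints to the console instead of opening a message box per computer.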






Botnet C&C centers move to social networks


In the last year or so, we have witnessed many botnet command and control centers being taken down in organized actions instigated or aided by companies such as Microsoft, Panda Security and organizations such as the FTC. "Bulletproof" hosting has proved not to be that reliable, so botnet herders decided to set up their C&C centers on social networks.

Twitter accounts have been used as such for a while now, but RSA researchers recently spotted another social network (they are not saying which) being used for the same purpose.

According to ThreatPost, the bot herder sets up fake profiles, then posts encrypted commands on it:


Every time a new computer gets infected with the banker Trojan in question, the malware is programmed to visit the profile and get new commands. The text contains authentication code so that the Trojan can be sure it's in the right place, and hard-coded instructions telling it what to do next.

According to Uri Rivner, Head of New Technologies, Consumer Identity Protection, at RSA, this instance is part of a growing trend and a direct consequence of the recent takedowns of "bulletproof" ISPs.

"These groups have had four main options for hosting if they want to put it in a resilient infrastructure," he says. "You can build your own, and there are some that are very sophisticated with great disaster recovery, but that's expensive. You can go with bulletproof hosting, but that's getting harder. You can use cloud services, which we've seen some of lately. Or you can now use social networks. That's getting more popular because resilience is the key for some of these Trojans that can run for months or years. It's so important to them to find a good hosting environment."

What really makes the use of social networks to host these centers handy is the fact that profiles can be easily made and disposed of as soon as they are flagged and blocked by the networks. Hundreds of profiles can be coded into a Trojan, and as one profile is removed, the Trojan simply visits the next one on the list and gets its commands there.

Luckily for the criminals, social network operators still can't manage to identify these profiles quickly enough to make a dent in the botnet activity, but these sites will soon be under pressure from the community and governments to come up with a solution to this problem, and botnet herders will have to find yet another way to keep themselves in business.

New zero-day "shortcut worm" vulnerability affects all Windows versions

Microsoft published Security Advisory 2286198 on Friday of last week, confirming the existence of a critical vulnerability in all supported versions of Windows.

The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. Specially crafted shortcut (.lnk) files are allowed to execute code when the shortcut's icon is loaded to the GUI.

An exploit targeting this vulnerability is currently in limited use and additional exploits are very likely in the coming weeks.

The shortcut vulnerability was discovered during investigation of the Stuxnet rootkit which has been used in targeted attacks aimed at Siemens SCADA systems. Such systems are used for supervisory control and data acquisition in industrial facilities such as power plants. The shortcut file used in this case is detected as Exploit:W32/WormLink.A.

The situation is now more critical because a publicly available proof of concept was posted to several exploit database sites over the weekend.

Proof of concept exploit code is now in-the-wild and F-Secure fully expects virus writers to utilize this method of attack in the near future.

Sean Sullivan, Security Advisor at F-Secure, says, “This shortcut worm is very dangerous and the seriousness of the situation will increase until Microsoft releases a fix. And because Microsoft Windows XP Service Pack 2 is no longer supported, even the fix won't fully resolve the issue. This is a major concern as F-Secure’s research shows that SP2 is still being used by many organizations.”

F-Secure strongly recommends that companies and organizations migrate to Windows XP Service Pack 3 as soon as possible, or implement Microsoft's suggested workarounds.

Additionally, organizations need to create or review their USB device policy. “This danger can be mitigated with best practices. If a company doesn't have a security policy regarding USB devices, they're at risk. Those that do have a policy should review it and make sure that it's being followed. And this is time critical as summer vacation season is approaching,” says Sullivan.