Jeff Yan and Ahmad Salah El Ahmad, at the School of Computing Science, Newcastle University, England recently published a research paper entitled “A Low-cost Attack on a Microsoft CAPTCHA”, demonstrating how they’ve managed to attack the Microsoft’s CAPTCHA used on several of their online services such as Hotmail and Windows Live, with over 92% recognition rate. Here’s a summary of the research : In this paper, we analyse the security of a text-based CAPTCHA designed by Microsoft and deployed for years at many of their online services including Hotmail, MSN and Windows Live. This scheme was designed to be segmentation-resistant, and it has been well studied and tuned by its designers over the years. However, our simple attack has achieved…

From what we’ve seen of Windows 7, we’ve got multi-touch features and a new taskbar. Obviously because of the new way that Microsoft (*ahem* Sinfosky) is keeping the Windows family of products close to its chest, we don’t really know what’s going on with it, or what it can offer. The main problem, from a development point of view, is because we don’t know the core API’s and the “power of Windows” yet, development becomes increasingly difficult. Needless to say, Windows 7 is a good couple of years away at least, so there’s plenty of time to worry about it. Yet those in university at the moment who learn Java, C# and .NET3 may be ostracised from the employment market…

Rice University researchers have found a new way to spontaneously assemble nanoparticles into bag-like sacs. Their ‘nanobatons’ could be used to clean up oil spills by trapping oil droplets in polluted waters. These nanoparticles could even be more useful for delivering drugs. The researchers found that ‘ultraviolet light and magnetic fields could be used to flip the nanoparticles, causing the bags to instantly turn inside out and release their cargo — a feature that could ultimately be handy for delivering drugs.’ This is still a lab project and it’s hard to know when real applications could appear. But read more…

If you’re having trouble keeping up with all environmental laws your company needs to know about, you might want to consider investing in some compliance software from the likes of Foresite Systems. The company’s develops and consults with a series of applications called the Global Environmental Management System, which follows the various packaging, materials, environmental and sustainability regulations that businesses need to worry about. Sort of like the Sarbanes-Oxley problem of manufacturing companies. Among the areas that are a focus for the software include the REACH legislation required within the European Union, worldwide packaging directives, as well as the RoHS and WEEE laws. The software is even targeted at smaller manufacturers or logistics companies: such as the ones that might…

According to Neowin, computing students at the University of Bochum, Germany, have worked out how to retrieve vital security tokens from Microsoft’s CardSpace framework. CardSpace is highly tipped to be the successor to Windows Live ID (Passport) and making passwords a relic of the Cold War, using self-signed or certificate authority signed digital certificates stored on the local machine as proof of who you are. The report states by many means of manipulating the DNS service, including anti-DNS pinning or DNS spoofing, these are all ways of taking the security tokens from a CardSpace file. Heise Online which reported this story, almost encourage you to try this out. Considering this major security flaw has been brought to light instead of…

Something to lighten your Saturday morning from Geek and Poke. If you don’t get the joke…well, it probably means you have a life, so here’s a hint.

Here are CNET Reviews’ 10 favorite items from the past week, including a 30-inch Gateway monitor, Linksys Draft-N router, and what might be the most affordable ruggedized laptop out there.

CNET News.com’s Daniel Terdiman visits geek-oriented sites from Houston to Orlando, with a helping of Kentucky and Tennessee in between.

Doc Rivers’ “Ubuntu” mantra helped lead the Boston Celtics to its first NBA Eastern Conference championship in 20 years.    So said one ESPN commentator, citing the Beantown coach’s use of the African term as a way to drive the team’s “collective success.” The sportscaster said it following the Celts win over the Detroit Pistons Friday night to clinch a spot in the NBA finals against the LA Lakers.   Naturally, my head leapt from my laptop to TV screen upon hearing the word uttered on a sports network. (I was reading Boston.com’s account of the title after the trophy ceremony).  The Celts wound up in last place last year and needed a “community” mantra for the 2007-2008 season to meld together old timers like Capt. Paul Pierce with hot scoring…

Global warming is not a happy topic at the latest Exxon shareholders meeting. Seems some offspring of the founding Rockefeller are not pleased the company they own a piece of is…shall we say…doubtful about global warming. It’s not just later generations of Rockies who are unhappy. Here’s a column by the offspring of the founder of Humble Oil. Not tickled about denying global warming. And that was published in a Houston, Texas, newspaper. Many Exxon stockholders will be celebrating, after all their company made $40 billion last year. Nice piece of change even if it is measure din devalued US dollars. It is not clear how relevant this stink-up will be, it;s been reportred for over a year that Exxon…