Blackhat: Breaking audio CAPTCHAs with Winamp
Las Vegas (NV) – This year’s Blackhat computer security convention started off with a bang. Convention officials told us that a record number of people have registered and there are more than 4000 people attending. Former chief counter-terrorism advisor Richard Clarke gave this year’s keynote, while veteran speaker Dan Kaminsky showcased his hacking knowledge.
As in previous years, the keynote wasn’t deeply technical, but rather focused on broad security issues in government. Clarke is known for his criticism of the current Bush administration. He believes the United States government and corporations spend far too little on cybersecurity.
Dan Kaminsky has been speaking at hacker conventions for several years and is considered to be one of the most entertaining and knowledgeable speakers here. At his Black Ops 2007: Design Reviewing the Web talk today, he gave his typical stream-of-consciousness presentation, discussing many of the topics he’s currently researching. The most interesting part was about recognizing and defeating audio CAPTCHAs with Winamp and graphical plotting.
Audio CAPTCHAs try to keep spam scripts from posting comments or forum messages by requiring users to pick out spoken numbers from background noise. Kaminsky claims he is close to making an automated tool that can instantly and accurately cut through the noise and recognize the number.
“That tool is coming out any day now,” Kaminsky said.
Kaminsky is also concerned about Internet service providers secretly replacing ads on web pages. He told the audience that this will become a significant problem in the future and security experts will have to start working on stronger website encryption and integrity protocols.