Hi, All:
Does anyone know of an online reference implementation/example of an
email security component? I am looking for the type that displays a
string graphic that is hard for automated hacker systems to read and
requires manual user intervention.
I used to see these types of security policies on Hotmail and other
online email applications (can't remember seeing one lately). I
question their usefulness (anyone have any opinions?); however, I will
make management happy if I put one in place (and I guess that means
something since they pay the bills :-)).
Thanks,
Mayor
Gordon Beaton - 30 May 2006 13:21 GMT
> Does anyone know of an online reference implementation/example of an
> email security component? I am looking for the type that displays a
> string graphic that is hard for automated hacker systems to read and
> requires manual user intervention.
http://en.wikipedia.org/wiki/Captcha
http://jcaptcha.sourceforge.net/
http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html
/gordon

Signature
[ do not email me copies of your followups ]
g o r d o n + n e w s @ b a l d e r 1 3 . s e
Oliver Wong - 30 May 2006 17:14 GMT
> Hi, All:
>
[quoted text clipped - 8 lines]
> make management happy if I put one in place (and I guess that means
> something since they pay the bills :-)).
Gordon already answered your technical questions, so I'll do the "have
any opinions?" part. There's a lot of poorly designed CAPTCHAs out there,
such as those which try to get the user to distinguish between "I", "l" and
"1", or ones which rotate letters randomly so that C and U are
indistinguishable. Design your system to avoid frustrating your users with
false negatives (i.e. incorrectly rejecting non-AI humans).
There's an alternative to CAPTCHAs called KittenAuth. It displays 9
pictures, and the instructions say that 3 of the pictures are of kittens.
Click on the three kittens to proceed. Unfortunately, I think there's only
like 84 combinations of 9-choose-3 (not sure, stats and probabilities wasn't
my best subject back at university), whereas with a 7 character CAPTCHA,
there's something like 78 billion combinations (or around 3500 billion
combinations if the CAPTCHA is case sensitive).
Still, if it's not really for security purposes, but rather to make
management happy, perhaps the KittenAuth will yield a better user experience
than having them trying to guess whether that wiggly line is an S, a 5 or a
$.
- Oliver
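
Added example, not part of the original thread and not code from JCaptcha or KittenAuth: a Java sketch of the challenge-text side of a CAPTCHA that leaves out the glyphs Oliver's post names as confusable, and that computes the guess spaces the post estimates. The class and method names are hypothetical, and rendering the string as a distorted image is left to a library such as JCaptcha.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Locale;

public class CaptchaChallenge {
    // A-Z and 0-9 minus the glyphs the post calls confusable: I and 1
    // (lower-case l is avoided by using upper case only), C and U, S and 5.
    // Pairs the post does not name, such as O and 0, are left in.
    static final String ALPHABET = "ABDEFGHJKLMNOPQRTVWXYZ02346789";
    static final SecureRandom RNG = new SecureRandom();

    // Draw each character from a CSPRNG so the next challenge is not predictable.
    static String newChallenge(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Case-insensitive check: trims and upper-cases the answer so a human
    // is not rejected for typing lower case (fewer false negatives).
    static boolean matches(String expected, String answer) {
        if (answer == null) return false;
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = answer.trim().toUpperCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    // Number of possible strings of the given length over an alphabet.
    static BigInteger textSpace(int alphabetSize, int length) {
        return BigInteger.valueOf(alphabetSize).pow(length);
    }

    // n-choose-k: number of ways to pick k images out of n.
    static BigInteger pickSpace(int n, int k) {
        BigInteger r = BigInteger.ONE;
        for (int i = 1; i <= k; i++) {
            r = r.multiply(BigInteger.valueOf(n - k + i)).divide(BigInteger.valueOf(i));
        }
        return r;
    }

    public static void main(String[] args) {
        String c = newChallenge(7);
        System.out.println(c + " accepted in lower case: " + matches(c, c.toLowerCase(Locale.ROOT)));
        System.out.println("pick 3 of 9 images:        " + pickSpace(9, 3));
        System.out.println("7 chars, 36 symbols:       " + textSpace(36, 7));
        System.out.println("7 chars, 62 symbols:       " + textSpace(62, 7));
        System.out.println("7 chars, reduced alphabet: " + textSpace(ALPHABET.length(), 7));
    }
}
```

Removing the confusable glyphs shrinks the 7-character guess space but leaves it many orders of magnitude larger than the 3-of-9 image pick.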