imperva

CAPTCHA systems easy to foil, security firm finds

Challenge-response techniques called "CAPTCHAs" designed to keep spambots off Web sites can easily be broken by humans who are paid to type in the responses, according to a new report from security firm Imperva.

CAPTCHAs, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, are created by programs and are intended to be difficult for computers to fill out.

"One of its inherent flaws today is that it can be easily bypassed by outsourcing it to human solvers for a very low cost," the study (PDF) says. "When the CAPTCHA … Read more

Web apps attacked every two minutes, study finds

The average Web-based application is hit by a cyberattack once every two minutes, says a report out today by security firm Imperva.

Detailing its findings in its "Web Application Attack Report" (PDF) for July, Imperva found that Web applications are attacked around 27 times per hour. Monitoring the Internet from December 2010 through May 2011, the security firm uncovered and categorized more than 10 million individual attacks targeting both business and government sites.

Automated cyberattacks accounted for a huge number of attempted breaches. The report discovered that attack traffic was characterized by quick spikes of high volumes followed … Read more

New DoS attack uses Web servers as zombies

Researchers have uncovered a botnet that uses compromised Web servers instead of the usual personal computers to launch denial-of-service (DoS) attacks.

Security firm Imperva said on Wednesday it uncovered a botnet of about 300 Web servers after the company witnessed traffic coming from a compromised server and then searched for the attack code via Google. Web servers were commonly used in such attacks a decade ago but had been replaced by the more ubiquitous Windows-based PCs, said Amichai Shulman, chief technology officer at Imperva.

In the DoS attack Imperva observed, two Web servers were targeting an unnamed hosting provider based … Read more

Survey: Half of businesses don't secure personal data

The personal information you give to businesses may not be as secure as you hope, according to a new survey.

Around 55 percent of all businesses acknowledge that they secure credit card information but not Social Security numbers, bank account details, and other personal data, according to a survey of more than 500 companies released Wednesday by Imperva and Ponemon Institute.

The survey was conducted to determine how many companies are complying with PCI DSS, the Payment Card Industry's Data Security Standard. PCI DSS tries to ensure that businesses take specific measures to secure their Web sites, databases, and … Read more

Puerto Rico sites redirected in DNS attack

An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva.

Those sites and others including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, Amichai Shulman, chief technology officer at Imperva, said on Monday.

A group calling itself the "Peace Crew&… Read more