[cryptography] CAPTCHA as a Security System?

ianG iang at iang.org
Mon Jan 2 18:21:37 EST 2012


On 3/01/12 09:06 AM, lodewijk andré de la porte wrote:
> I'd like to add to this conversation, as a side note, that a new type 
> of security has (fairly) recently emerged: legal security. "It's 
> illegal to break in, so we don't need security".

Right. But it needs to be a break in, not a trespass.  So there needs to 
be a security method to be broken -- no matter how weak.

 From what I recall of this, there needs to be a reasonable notice and a 
security system for the breaking of.  This is why WAP, etc, works ... 
because it is a security system, and even though it can be broken with a 
boltcutter, it's illegal to break in.  So the end result is that you can 
commit the crime, and you'll leave your trails, and you'll be in 
jurisdiction.

> Quite common in convenience stores, people's homes and now, the 
> Internet. Some will find that this sort of security sucks. That it 
> doesn't protect them very well. They won't care though, because even 
> though the window was open, no one should've entered. 

It somewhat depends on who the attacker is.  If they are law-abiding 
citizens and they happen to be in the same jurisdiction, a legal 
mechanism works reasonably well.  Indeed, if one of them is true, it can 
help.

This also happens to align well with online banks which only permit 
transfers inside the country.  As the mule who receives the money has 
done so without permission, she has participated in fraud and the money 
can be yanked right back out again.  (Never mind that she already sent 
the money to another jurisdiction...)

The thing is, just because a security mechanism doesn't seem to 
translate to technological space doesn't mean it doesn't have legs.

iang



More information about the cryptography mailing list