Monday, September 7, 2009

VK couple's testing -- insecure protocol!

Friday's XKCD comic dealt with the question "How can I tell if my internet relationship is real, or just a chatbot?"

The VK couple's testing page was realized and announced in a follow-up blog post. As I understand it, you and your significant other go to this website. At the top, there's a [presumably unique] test ID. At the bottom, there's a "partner's link." So you send your partner the link, and you both reveal the letters/numbers you see, and you are each reassured of the other's non-bot status.

But here's the problem. If the bot is chatting with "thousands of connections at once," then it could just send your link to one of them and have them read it, passing the answer back to you. This breaks the security of the system, as no matter how you set it up, one person has to send a link to another person. This is a weak point, as a chatbot can use two real people to verify its own "real person" status.

VK couple's testing is interesting, but needs a more secure protocol.

[Update: I browsed the comments of the blog post, and many people pointed out the same vulnerability. One suggested fix for this security hole is to have the form require the names of both parties, a "signature" of sorts. This reduces the likelihood of failure, but since names are not unique, the bot could still defeat the check by mimicking the name of another real person, whom it uses to solve the captcha. Likewise, timestamped tests make it harder, but not impossible, to break the protocol.]
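To make the relay weakness and the limits of the name "signature" concrete, here is a toy model added for illustration; it is not code from the testing site. The classes, the people's names, and the assumption that both partners see the same code are all constructed.

```python
import secrets

class TestSite:
    """Toy stand-in for the testing page (constructed model, not the real site)."""
    def __init__(self):
        self.tests = {}                      # link -> (code, bound names or None)

    def new_test(self, names=None):
        link = secrets.token_hex(4)
        self.tests[link] = (secrets.token_hex(3), names)
        return link

    def open_link(self, link):
        return self.tests[link]              # anyone holding the link sees the code

class Human:
    def __init__(self, name, partner_name):
        self.name, self.partner_name = name, partner_name

    def read_code(self, site, link):
        """Open a link from the chat partner; refuse if bound names look wrong."""
        code, names = site.open_link(link)
        if names is not None and names != (self.partner_name, self.name):
            return None
        return code

def bot_relay(other_human):
    """A bot cannot read the code, so it forwards the link to another human."""
    return lambda site, link: other_human.read_code(site, link)

def verify(site, requester, answer_via, bind_names=False):
    """Requester issues a test, sends the link, and compares the reply."""
    names = (requester.name, requester.partner_name) if bind_names else None
    link = site.new_test(names)
    expected, _ = site.open_link(link)
    answer = answer_via(site, link)
    return answer is not None and answer == expected

def run_scenarios():
    site = TestSite()
    alice = Human("Alice", "Bob")            # believes she is chatting with Bob
    bob = Human("Bob", "Alice")              # the honest case
    carol = Human("Carol", "Dave")           # bot poses to her as "Dave"
    other_bob = Human("Bob", "Alice")        # different Bob; bot poses to him as "Alice"
    return {
        "honest": verify(site, alice, bob.read_code),
        "relay_unbound": verify(site, alice, bot_relay(carol)),
        "relay_names_bound": verify(site, alice, bot_relay(carol), bind_names=True),
        "relay_name_collision": verify(site, alice, bot_relay(other_bob), bind_names=True),
    }

if __name__ == "__main__":
    print(run_scenarios())
```

Alice accepts in every case except the one where the bound names visibly mismatch, which is why binding names only helps until two real people share a name.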


This post's theme word: nugatory, "of little value; trifling" or "having no force; ineffective."

Saturday, September 5, 2009

Quiet

Tuesday was very quiet -- little traffic, few people on the streets. Or so it seemed to me. The auditory environment as I walked to work made me feel like there were cotton balls or earplugs in my ears. It stayed like that all day; the sun shone down on a muted world. My quiet office. The dampened traffic. Even ambient machinery noises (air ducts, elevators) were oddly quiet (and also just at the cusp-of-hearing, too-loud, like the high-pitched sound that televisions make).

Wednesday, everything was back to normal. Weird. I had independent confirmation, though, that Tuesday was quiet. Eerily so.


This post's theme word: anechoic, "tending to deaden sound."