Automation Getting By reCaptcha

Google’s reCaptcha, used to identify human customers, can be subverted by automation through HTTP parameter pollution, according to security researcher Andres Riancho, who discovered the problem.

Ryan Wilk, VP of Customer Success at NuData Security:

“As the saying goes, you cannot judge a book by its cover, but you can judge a captcha by its provider.

The use of automated tools to commit Account Takeover (ATO) and create fraudulent accounts on a massive scale is growing.

To stop this, many companies are using “freeware” captcha tools. The problem with these offerings is…”


How To Add A WordPress Captcha To Cut Down On SPAM

Beginner Tutorials: If you’ve ever been asked to solve a simple math problem or “prove you’re human” before performing an action on a website – you’ve encountered a CAPTCHA.

This simple feature is ubiquitous for good reason.

In fact, you may want to consider adding a WordPress CAPTCHA to your own site.

CAPTCHAs are designed to protect sensitive information, block spam and attacks, and restrict access to a website’s vital features.

They aren’t a foolproof tool and are best used as part of…


A Rare Breed Of The Brute-Force: A History Of One Attack

David Balaban: While routinely working on the security of one e-commerce website, I encountered an unusual type of brute-force attack that was fairly hard to mitigate.

It was based on a delicately simple technique that made it stand out from the crowd.

Read this article to learn what kind of an attack it was and how I succeeded in protecting my customer’s site against it.

As you know, a classic brute-force boils down to guessing credentials.

For instance, threat actors take known user accounts and pick passwords for them based on certain criteria — either by generating them on-the-fly or using…


Ticketmaster Secretly Provides Scalpers With Bot Software, Brokers Claim


Eriq Gardner: On the defensive for using its own bots to bypass CAPTCHA, two firms file counterclaims against the Live Nation subsidiary.


Who is to blame for very few cheap tickets to Hamilton?

According to Ticketmaster, the responsibility falls on ticket brokerage firms like Prestige Entertainment and Renaissance Ventures, which allegedly employ "bots" to circumvent…


A CEO Who Based His $700 Million Company In Pittsburgh Says He’s Getting Employees Who Want To Work In Tech But Avoid The Bay Area

Richard Feloni: Luis von Ahn cofounded the language-learning app Duolingo in Pittsburgh, Pennsylvania.

Von Ahn says having a tech company headquartered in Pittsburgh, rather than Silicon Valley, is an advantage.

For one, Pittsburgh has cheaper housing; Von Ahn estimates at least half of Duolingo employees own a home.

A tech company in Pittsburgh may sound out of place, but it is actually helping Luis von Ahn recruit talent for his language-learning app Duolingo.

“I like it, and it’s really on the up,” Von Ahn said about Pittsburgh in an interview for an episode of Business Insider’s Podcast Success! How I Did It.


Why An Online Presence Is Critical For Your Business

There’s no better time than now for your business to be online. If you’re not, you’re missing out on a lot of great opportunities to sell, connect and share with your target audience. Think about all of the hard work that you’re putting in at the office that’s going unnoticed by not conducting business online.

Make note of how often you go on the Internet and what actions you’re taking. Your customers are doing the same and missing out on seeing you if you’re not there. It’s a good idea to come up with a strategy for tackling the space and not try to do it all at once. See why an online presence is critical for your business.

Share Information

A major reason people are online is to find and share information. Suppose you want to buy a car and prefer to search for a used Polo Vivo instead of going into a dealership right away. This is made possible by the company posting information to its website and allowing you to search and view it. Consider it the first step in the buying process and a great way to get your consumers all the answers they need without having to contact you.

Post Images

The Internet is also a useful place to post and view images. This is especially important if you’re selling products or services that require visual context, such as a car. Customers don’t always want to have to leave their house to analyze and contemplate a decision. Draw consumers in with your images and showcase your best products with a visual appeal. Many times users want to see what they’re about to buy before doing so online or in person.

Process Transactions

Grow and develop your business into an online store as a space for consumers to shop and purchase products and services. Make sure your ecommerce site is secure and functions properly, to avoid any unhappy customers or issues. This is a great way to start a business online or sell products, in addition to what’s in your physical store. Think about all of the profits you’d be missing out on if you didn’t have an online presence.

Engage with your Target Audience

It’s not enough to visit with your customers face-to-face anymore. You have to be online with social media pages and online advertising campaigns. The good news is that these are great ways to target your specific kind of consumer and get in front of them where they’re already spending a lot of their time. Launch customer service opportunities on your website or use social media to engage with shoppers and answer their inquiries.


You risk missing out on a lot of business opportunities when you choose not to interact online. Come up with a strategy and start launching some of these ideas to help get you going. The best part is that it’s simple to adjust on the fly. This is why an online presence is critical for your business.

The Top Security Measures Your Website Needs

Small businesses are easy targets for hackers; they are usually the least likely to afford adequate security of their computer systems and website. Hackers can cause a lot of damage to your company if they get hold of your customers’ information, so you need to take action to prevent it.

Beyond the usual security elements such as a secure admin password and a firewall, there are other measures that can help protect you from disaster. If, however, your system does go down or you suffer data loss, it is important to seek the help of a professional data retrieval company as soon as possible.

SQL Problems

It can be easy for a hacker to gain access to your files and data by using an SQL injection, which inserts rogue code into a web form field or URL. By using parameterized queries, you can help prevent this from happening. If this sounds too complicated, seek advice from a web designer.


Cross-site scripting (XSS) is another way hackers can gain access to your site and steal information. They add malicious JavaScript to your web page; the code then runs in the user’s browser and steals information before sending it back to the originator.

One example of how this can cause issues is that once the malicious script is running in the user’s browser, the attacker can use the cookie data to get into your site and steal data. It is important that you make sure no user can add this JavaScript into your pages.

It is one area that has become a big problem in recent years, so ensuring that these little loopholes are closed could save you a lot of time and money.
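One way to keep visitor-supplied text from running as script, and to keep a session cookie out of reach of page scripts, as an added example that is not from the original article. It uses only the Python standard library; the page template, function names, cookie name and sample comment are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed page fragment with one slot for a visitor's comment.
PAGE = '<article><h2>Comments</h2><p class="comment">{comment}</p></article>'

# Constructed visitor input that contains markup instead of plain text.
SAMPLE_COMMENT = "Nice post <script>alert(1)</script>"

def render_unescaped(comment):
    # Weak form: visitor text is dropped into the page as-is, so any markup
    # in it is parsed by the browser as part of the page.
    return PAGE.format(comment=comment)

def render_escaped(comment):
    # Corrected form: <, >, &, " and ' become HTML entities, so the browser
    # displays the text instead of interpreting it.
    return PAGE.format(comment=html.escape(comment, quote=True))

def session_cookie_header(session_id):
    # Second layer for the cookie case described in the text: HttpOnly keeps
    # page scripts from reading the cookie, Secure restricts it to HTTPS.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

if __name__ == "__main__":
    print(render_unescaped(SAMPLE_COMMENT))
    print(render_escaped(SAMPLE_COMMENT))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```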


As many people who use computers now know, passwords are an important way to protect data and other information on the system. It is important that your employees use passwords correctly and set difficult combinations that do not use personal information.

Advice also suggests that you need to change passwords at least every 90 days to stay secure. You should also change them after any employees leave your company. Employing other security such as a login for customers along with captcha security will also help you keep everything secure.


HTTPS is a secure protocol that ensures the person requesting the page is going to the correct destination. It is used primarily by pages that deal with credit card information; however, if you have other information that you want to protect, you should use the HTTPS protocol on those pages too. This will make it a lot harder for hackers to access that page.

If you ever load a web page that is asking for personal information, you should check for HTTPS in the address bar of your browser. If the page doesn’t have HTTPS, then you should be cautious about giving your details.

With these tips, hopefully, you will be able to secure your website and protect your customer information.

WordPress Commerce and Credit Card Payments

It is not uncommon for site owners to use Captcha for various purposes. Aside from preventing spam comments and registration bots, Captcha can also be used to secure the ecommerce side of your WordPress site. There are also other security measures you can put in place to secure credit card payments on your WordPress-based ecommerce site. 3D Secure by MasterCard and Verified by Visa both add an extra layer of security to online transactions. According to studies by Rutgers Online and its AACSB online MBA department, the use of EMV chips in credit cards is also reducing information theft and security issues; it reduced theft by 32.5% in 2014. The number of cases has continued to drop since.

2017 will be a big year for mobile commerce, which means you also need to prepare your WordPress site for mobile customers. Find out more about Credit Cards and Mobile Payments: What Your Business Needs to Know for Now and the Near Future from the infographic below.

This infographic was created by Rutgers Online.


5 Common Medical Data Security Mistakes (and How to Correct Them)

According to a study by the Ponemon Institute, medical data is very valuable on the black market. Unlike credit card information, a medical record has more personal data. This includes physical markers and medical history. As a result, hackers are now targeting healthcare databases. To protect itself, the healthcare industry must improve its data security. One way of doing this is by avoiding the following 5 common medical data security mistakes. It must also know how to correct them.

1) Focusing on Compliance and Not Security

The Health Insurance Portability and Accountability Act (HIPAA) and Affordable Care Act (ACA) have changed the healthcare industry. They have forced it to adopt IT by requiring health care practices to comply with their regulations. According to Bradley University’s Department of Nursing, compliance alone is not enough to ensure security. Many security breaches still plague HIPAA compliant databases. To address the problem, security must also be made a priority.

2) Not Dealing With Bring Your Own Device (BYOD) Insecurity

Doctors and other healthcare workers bring their own mobile devices to work. They use them to text and email patients as well as each other. Of concern to data security experts is the lack of encryption on these devices. When they get lost or stolen, the medical data they contain is put at risk.

3) Not Investing Enough in Security

According to CNBC, most industries dedicate as much as 20% of their budget to data security. It adds that in healthcare organizations, this figure drops to 14%. And the reason is simple. Health care organizations run tight budgets with little money left over for security. But considering what is at stake, the health IT industry must invest more in this critical area.

4) Security is Not a Priority

Users pose the greatest threat to data security. How they use their laptops and mobile devices can expose an entire system to viruses, hackers, and malware. Unfortunately, health workers view IT security as the responsibility of the IT department, not theirs. And because of this attitude, they continue to compromise the security of the data they handle.

5) IT Systems are Either Too Simple or Complex

IT systems must balance ease-of-use and security. But, most of them fall on either side. They either focus on usability and are too simple and open to misuse. Or, they focus too much on security and are unusable. Now, if users cannot understand how to use a system, they will eventually make critical mistakes. Thus, IT systems must always strike a balance. They must be easy to use yet secure.

5 Ways of Correcting Medical Data Security Mistakes

While security breaches are rampant in the medical field, there are some things that every organization can do to prevent security issues within their network. Here are a few of them:

1) Implementing Risk-Management Procedures

Although HIPAA compliance is important, it is only part of the solution. The rest lies in having a comprehensive risk-management policy, with measures such as behavioral analytics that help identify threats before they become a problem.

2) Using Two-Factor Authentication

Two-factor authentication is a good answer to data insecurity. Secure logins can involve using combinations of passwords and fingerprint, iris, or badge scans. But in healthcare, fingerprint scans are impractical. Health workers sometimes wear gloves in sanitary environments.

3) Using Encryption

Encryption protects sensitive data in the event of an attempted hack. The data on a stolen or lost mobile device also remains secure if encrypted.

4) Implementing EMM (Enterprise Mobility Management) Systems

EMM systems help secure all mobile devices which access a specific network. A good example is BlackBerry BES12. Health organizations use it to maintain data security regardless of the device used to access their network.

5) Educating Employees

An organization must build a security culture by educating employees on security. With the knowledge, they will view security as a personal responsibility.


Securing health data has become a priority today, as more hackers target the health sector owing to the value of medical data on the black market. But security is not difficult to achieve. An organization must avoid the five mistakes listed above and apply the five recommendations that follow them.