Feb 17, 2008 06:57AM
- comments
Some folks have reported to me a little problem they have experienced when originating a PM to someone. You know the little box (see picture) where you put in the random letter code? The reason for that little exercise is to keep "bots at bay."
"Bots" are software robots that explore web pages looking to pick up emails, personally identifying information -anything useful to someone who would like to exploit you financially or worse. And these days, organized crime is funding the effort, so we're not talking about some desparate teenager hacking away just because he or she can. There's serious money involved.
Now friends, think about this for a moment. Suppose a "bot" came here to the anxiety forum, looking to get the goods on a few vulnerable people. The bot's creator would come on the sight and set up a "dummy member account," claiming to be, let's say, "AllBetterNow." The "bot" is then set up to click the Send Message link for everyone it can find. And the message is this:
"I read what you had to say, and really know what you are talking about. I, too, was plagued for years, but now, thankfully, I am free. Blah blah blah.....I found the answer at this website: www.aintIgreat.com, so give it a try -Oh! By the way, there is no cost -it is free."
That message could go to anyone, couldn't it? And who knows, you might be inclined to go to the website, which would be free, as promised. However, to get inside, you'd need to become a member, and to do that, you'd need to enter a few bits of personal information. In exchange, they will mail your password to your email address! You see what's happening here, right?
Now, a bot could get away with this if all it had to do was "click to send." However, in the case of Medhelp and many other boards and forums, the sender must first enter a code to send the message. Now, if the code were just ordinary text, like what we put in our posts and mails to one another, that would be no problem.
(Wanna see for yourself? OK, on your browser menu bar, click View, then click source. See? That's Medhelp with its pants down. A mixture of program commands to the browser and just plain old text. Nothing to it. OK, you can close that window now -won't hurt a thing.)
So, as I was saying, if all the bot had to do was "click to send," then the PM would go to the unsuspecting recipient. But NO -Medhelp has employed a little trick. You must first type the code letters in the box. Those letters in the code are NOT in the form of actual text. They are actually a PICTURE of text -not the text itself. If you pulled the pants down, you would not see a string of letters -you would see a reference to a graphic image (or a bit of code that would cook up an image on the spot). What's the difference, you say? The difference is this: if you highlight the text of this post, you can then copy it and paste into your word processor, or another email, or whatever. You can edit it, delete it, add to it -all just as though it came from your keyboard. That's because it is actual text -somebody typed it. BUT, no matter how much you try, you won't be able to copy and paste the letters in that code box, because what you see there is a picture of letters, not the actual letters themselves. Go ahead -try to copy and paste them. Ain't happening, is it?
And therefore, the Bot can't copy and paste or even "read" the letters, either. It doesn't even see the letters. So, it can't send the PM. The Bot is stopped dead in its tracks. Pretty cool, huh?
Not really. Remember how I said that organized crime was now funding these fraudulent predatory operations? Well, guess what: they are now making Bots that CAN read those letters. How? First, it takes a picture of the screen. Then, it runs an OCR (optical character recognition) program to turn the pictures of the characters into actual text, which it THEN types into the box. The PM can then be sent.
BUT, Medhelp has deployed a counter-measure, and this is what gets us to the problem people have experienced lately. If you look at the picture I've posted here, you may notice that what appears to be a letter "v" is really the top of the letter "y." It is just that the botom of the "Y" is outside the box. You, as a human, can figure that out because you are sensitive to visual cues that leave the Bot scratching its head. However, the illusion of a "v" is so good that even humans may not figure it out at first. That is exactly what has been happening -people are being fooled, too.
So, if the system refuses to send your private message because is says you entered the wrong code -check carefully for characters that are at the edge of the box -that's where you'll find your answer.
Now, this little code security thingie has an acronym: CAPTCHA. Know what that stand for? Here you go:
"Completely Automated Public Turing Test to Tell Computers and Humans Apart"
I couldn't make that up.
The only acronym I've seen that can top it is: TWAIN (for scanners).
Anyway, Medhelp is up to speed on security, so you may rest easy. You may have to study the code letters a bit more closely, however.
This post will self-destruct in a few days, but always be available in my journal entries.
