Monday, October 13, 2008

Victoria's eGovernment Resource Centre a finalist in the global award for 'Who Are Changing the World of Internet and Politics in 2008'

Recognising over 10 years of reporting on egovernment topics from around the world, Victoria's eGovernment Resource Centre has been selected as one of the ten finalists for the 9th annual PoliticsOnline award for the top individuals, organisations and companies having the greatestimpact on the way the Internet is changing politics.

By being in the top ten, the eGovernment Resource Centre is being acknowledged alongside the Democratic Nominee for the US Presidency (mybarackobama.com) and is being recognised as more significant than the UK's Prime Minister's website (number10.gov.au)

I'd like to congratulate the team at DIIRD in Victoria who work on this site as probably the most effective and consistent voice in Australia on egovernment topics, helping to bridge the gap between policy and practice.

A representative from DIIRD has been invited as an honoured guest to the World Democracy Forum in Paris for the award ceremony, although I understand this will probably not involve the people who work every day to make the site a success.

The full announcement is at the eGovernment Resource Centre.

Read full post...

Saturday, October 11, 2008

The benefits of staff forums - two way communications with management

A challenge in any organisation is to foster two-way communications.

Many organisations have used suggestion boxes, 'chat with the CEO' email accounts, or other primitive tools to offer pseudo-two way communication, but without the immediacy or ability to readily expose discussions to the broader organisation.

These are often mistrusted by staff as they are essentially black boxes - suggestions go in from individuals and responses may come back, but there is no mechanism for others across the organisation to witness or participate in the conversation.

That's where staff forums can fill a major gap, providing a mechanism for organisations to unblock their communications channels, not only from staff to management, but between staff in different offices.

The following video illustrates how effective an online forum can be for engaging staff and improving customer service outcomes.

It is about British Airways, a 2008 Intranet Innovations Awards gold medal winner, who has engaged its 17,000 cabin crew in discussion around customer service and internal process issues via an online forum.


Read full post...

Friday, October 10, 2008

US women fleeing tech jobs due to glass ceiling

With a ICT staffing crisis already underway in Australia, it's interesting to read in USA Today that in the US Women (are) fleeing tech jobs because of (the) glass ceiling.

I've never understood why people discriminate at the office on the basis of gender, and I hope that with Australia having a female Federal Government CIO, that the ICT 'boys club' is not alive and thriving in Australia.

What do others in the industry think?

Read full post...

Encouraging innovation in a collaboratively Google world

For an insight into the tools Google uses to create an environment suited to innovation and collaboration within the firewall, visit this presentation on Innovation @ Google.

Read full post...

Thursday, October 09, 2008

Is CAPTCHA still effective as a security test?

CAPTCHA is a security provision designed to confirm that an online user is actually human by asking them to complete a simple test which is difficult for computers to interpret.

Often appearing as wavy or handwritten words and numbers, CAPTCHA (standing for Completely Automated Public Turing test to tell Computers and Humans Apart) has been widely implemented as an online security confirmation system within email systems, blogs, ebusiness and egovernment sites. In fact you'll see it in use when commenting on this blog.

Example of a modern CAPTCHA image (source: Wikipedia)


However CAPTCHA is increasingly under threat due to the multiple ways of circumventing this security and organisations need to consider whether it is still worth implementing CAPTCHA or more advanced security systems.

How effective is CAPTCHA?
As was recently reported in AllSpammedUp, Spammers are once again attacking Microsoft's CAPTCHA, used in their Hotmail email system to distinguish between legitimate human customers and automated spam systems.

While 10-15% doesn't sound that significant, given that spammers are able to use automated systems to create hundreds of email addresses a minute - then use the successful ones to distribute spam email - that level of success is quite high.

Hackers are also able to use cheap eyeballs from third world countries to break CAPTCHA - with Indian crackers paid $2 for every 1,000 CAPTCHAs solved.

Other techniques also exist to break CAPTCHA, such as advertising a porn site, embedding CAPTCHA codes from legitimate sites and asking people to solve these codes in order to access the adult content for free.

Given all these different ways to defeat CAPTCHA tests, and the barriers for those with vision impairments (who often unable to complete visual tests where an audio equivalent is not provided), let alone the difficulties real humans have in interpreting CAPTCHA tests correctly, this approach to security is seriously under threat.

However effective alternatives to validating that humans are really humans are not yet available for use.

Where next for CAPTCHA?
Microsoft and other large providers of online systems remain dedicated to strengthening CAPTCHA technology, even where the line of what is actually readable by the average human begins to blur.

They have limited alternatives as to effective tests of whether a user is human or computer to help minimise the success of automated hacking attempts.

Some mechanisms already coming into use are to ask questions via CAPTCHA text which is based on trivia more difficult for a machine to guess, or to have multiple CAPTCHA images which must be reinterpreted based on additional text - also stored as a CAPTCHA image.

All of these remain vulnerable to cheaply paid third-world CAPTCHA breaking groups, albeit increase the difficulty for machines.

Where should organisations use CAPTCHA?
Given the lack of alternatives, organisations need to continue using CAPTCHA, but selectively apply other methods of detecting machine-based attacks (such as rapid or logically sequenced attempts at creating accounts or logging in).

Where possible CAPTCHA should be used only to validate the 'humanness' of a user, rather than as an outright security measure, thereby limiting system vulnerability.

Finally organisations need to use the most current versions of CAPTCHA and update regularly to reduce the risk of intrusion to only the most sophisticated hackers.

Read full post...

Bookmark and Share