Many users routinely log in to their system with system administrator privileges. This is
especially true of home users. The advantage of this setup is that these users can do
everything necessary to fulfil their tasks with the computer. The disadvantage is that every
program running in the users context can make arbitrary modifications to the system.
Malicious programs and scripts often take advantage of this and silently change important
parameters. We propose to verify that these changes were initiated by a human by a …

This talk is about putting the human in the loop, or rather making sure that there is a human
in the loop. Sometimes we have this feeling that, while we're still responsible for what the
computer does, we don't have control over what it does, and it would be nice to make sure
that at least some human has seen what goes on. So this is about countering automated
exploits with system security CAPTCHAs, I know it is a bad idea to have an acronym in the
title but I was at Microsoft Research when we did this work. CAPTCHA for those of you who …