RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-08 Thread Nicob
On Friday 05 August 2005 at 22:50 +0200, Michal Zalewski wrote: > What I proposed (and I'm sure I'm not innovative here) went along the > lines of hooking up and intercepting the mouse click button, and then, > at the exact moment of mouse click, capturing the position of the > mouse pointer, an

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-08 Thread Bart Lansing
On Sat, 06 Aug 2005 13:40:40 -0700 root <[EMAIL PROTECTED]> wrote: >Aditya Deshmukh wrote: > >>The only most secure protection is a one time password with a >challenge / >>response scheme. Most of the banks in Europe already do this. >> >>They give o

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread root
Aditya Deshmukh wrote: The only most secure protection is a one time password with a challenge / response scheme. Most of the banks in Europe already do this. They give out a calculator like device to the customers and when u want to login you are presented with a challenge that you punch into

RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Aditya Deshmukh
The only most secure protection is a one time password with a challenge / response scheme. Most of the banks in Europe already do this. They give out a calculator like device to the customers and when u want to login you are presented with a challenge that you punch into your device which spits a r

RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Aditya Deshmukh
> > proximity of mouse cursor on every mouse click? It's not that > > resource consuming, and easy to arrange. > > You'd need to squeeze in some OCR code as well, or figure it out > manually (or maybe use the same techniques as for getting around > "captchas"). Another simple method capture the s

RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread fractalg
Hi, >As per my knowledge, there are no such keyloggers or spywares which uses any technique to defeat virtual keyboards. >However, the technique that I am going to discuss here can be used by malicious program writers to write next generation >viruses / worms to defeat such virtual keyboard prot

RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Debasis Mohanty
osure@lists.grok.org.uk Subject: Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection Peter Ferrie wrote: > > > > >>>Recently I discovered a method to defeat the much hyped Citi-Bank >>>Virtual Keyboard Protection which the bank claimed that it defends >>

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread root
Peter Ferrie wrote: Recently I discovered a method to defeat the much hyped Citi-Bank Virtual Keyboard Protection which the bank claimed that it defends the customers against malicious programs like keyloggers, Trojans and spywares etc. Wouldn't that be trivial to snoop on simply b

RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Debasis Mohanty
- From: Michal Zalewski [mailto:[EMAIL PROTECTED] Sent: Saturday, August 06, 2005 2:21 AM To: Debasis Mohanty Cc: full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection On Sat, 6 Aug 2005, Debasis Mohanty wrote: > Read the descri

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Michal Zalewski
On Fri, 5 Aug 2005, Jeremy Bishop wrote: > You'd need to squeeze in some OCR code as well, or figure it out > manually (or maybe use the same techniques as for getting around > "captchas"). Well, if carders can be bothered to review hours of recorded material from ATM-mounted cameras to grab PINs

RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Michal Zalewski
On Sat, 6 Aug 2005, Debasis Mohanty wrote: > Read the description section again, perhaps you have missed out the > following - > . The Virtual Keyboard is dynamic > . The sequence in which the numbers appears will change every time, > the page is refreshed > > Hence, designing something the

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Jeremy Bishop
On Friday 05 August 2005 13:10, Michal Zalewski wrote: > Wouldn't that be trivial to snoop on simply by making a trojan / > spyware application that records a section of screen in the immediate > proximity of mouse cursor on every mouse click? It's not that > resource consuming, and easy to arrange

RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Debasis Mohanty
- DM - -Original Message- From: Michal Zalewski [mailto:[EMAIL PROTECTED] Sent: Saturday, August 06, 2005 1:40 AM To: Debasis Mohanty Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection On Sat, 6 Aug 2005, Debasis Mohanty wro

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Peter Ferrie
>> Recently I discovered a method to defeat the much hyped Citi-Bank >> Virtual Keyboard Protection which the bank claimed that it defends the >> customers against malicious programs like keyloggers, Trojans and >> spywares etc. > >Wouldn't that be trivial to snoop on simply by making a trojan

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Michal Zalewski
On Sat, 6 Aug 2005, Debasis Mohanty wrote: > Recently I discovered a method to defeat the much hyped Citi-Bank > Virtual Keyboard Protection which the bank claimed that it defends the > customers against malicious programs like keyloggers, Trojans and > spywares etc. Wouldn't that be trivial to s

[Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Debasis Mohanty
Recently I discovered a method to defeat the much hyped Citi-Bank Virtual Keyboard Protection which the bank claimed that it defends the customers against malicious programs like keyloggers, Trojans and spywares etc. Find the details below - Description: Early this year, Citi-Bank introduced th