lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri Dec  2 00:11:09 2005
From: lyal.collins at key2it.com.au (Lyal Collins)
Subject: Most common keystroke loggers?

Typo - I meant 1997 NOT 1996.

-----Original Message-----
From: Lyal Collins [mailto:lyal.collins@...2it.com.au] 
Sent: Friday, 2 December 2005 9:42 AM
To: 'deepquest'; 'foofus@...fus.net'
Cc: 'Full-Disclosure'
Subject: RE: [Full-disclosure] Most common keystroke loggers?


In 1996, this virtual keypad concept was broken by taking 10x10 pixel images
under the cursor click, showing the number/letters used in that password.

Virtual keypads are just a minor change of tactics, not a long term
resolution to this risk, imho.

Lyal


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of deepquest
Sent: Friday, 2 December 2005 9:26 AM
To: foofus@...fus.net
Cc: Full-Disclosure
Subject: Re: [Full-disclosure] Most common keystroke loggers?


To me the only thing that can defeat keystroke is what a software or  
trojan can not do: See (OCR is just a partial application of guess  
but not applicable in that case)
Imagine a web page with a virtual keyboard page (clickable). In order  
to prevent the localisation on the keys mapping based on position of  
the mouse, display the keyboard on random location of the screen. Add  
a random password and challenge authentication process.

my 2 cents,

Deepquest
"Justification of windows usage is a combinaison of Stockholm Syndrome and
cognitive dissonance."
--------------------------------------------------------------
Propaganda              http://deepquest.code511.com/blog
FIB                     http://www.futureisbeta.com
PGP DH/DSS              http://www.futureisbeta.com/pgp
--------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists