lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Dec 2 00:11:09 2005 From: lyal.collins at key2it.com.au (Lyal Collins) Subject: Most common keystroke loggers? Typo - I meant 1997 NOT 1996. -----Original Message----- From: Lyal Collins [mailto:lyal.collins@...2it.com.au] Sent: Friday, 2 December 2005 9:42 AM To: 'deepquest'; 'foofus@...fus.net' Cc: 'Full-Disclosure' Subject: RE: [Full-disclosure] Most common keystroke loggers? In 1996, this virtual keypad concept was broken by taking 10x10 pixel images under the cursor click, showing the number/letters used in that password. Virtual keypads are just a minor change of tactics, not a long term resolution to this risk, imho. Lyal -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of deepquest Sent: Friday, 2 December 2005 9:26 AM To: foofus@...fus.net Cc: Full-Disclosure Subject: Re: [Full-disclosure] Most common keystroke loggers? To me the only thing that can defeat keystroke is what a software or trojan can not do: See (OCR is just a partial application of guess but not applicable in that case) Imagine a web page with a virtual keyboard page (clickable). In order to prevent the localisation on the keys mapping based on position of the mouse, display the keyboard on random location of the screen. Add a random password and challenge authentication process. my 2 cents, Deepquest "Justification of windows usage is a combinaison of Stockholm Syndrome and cognitive dissonance." -------------------------------------------------------------- Propaganda http://deepquest.code511.com/blog FIB http://www.futureisbeta.com PGP DH/DSS http://www.futureisbeta.com/pgp -------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists