Date: Fri Dec  2 17:35:31 2005
From: frank at knobbe.us (Frank Knobbe)
Subject: Most common keystroke loggers?

On Fri, 2005-12-02 at 10:18 +1100, mz4ph0d@...il.com wrote:
> That would at least stop two of those problems, those being
> basic keylogging, and screenshots of the hotspot on click.

Why wait for a click? The attacker can just record all screen activity
in an AVI file and upload that. No need to wait for clicks.

Other options would be audible passwords, but the attacker could also
record all sound.

There might be optical effects tricks that could be employed that play
on things like the latency of a retina or whatnot. Flash a series of
random numbers on the screen while giving one number a bit longer time.
The pattern might appear to the human eye like that number, while it
*may* defeat screen recordings. (frequency of display changes and
attacker recording screen data would be the same for the attacker to
interpret the visual effect exactly like the user).

At the end of the day, one-time-passwords for login *and* transactions
are probably the only real solution to prevent replay and mitm attacks
(the latter using OTP hashed transactions).

Cheers,
Frank


-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

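The last paragraph of the post argues for one-time passwords that are bound to the transaction, so that a keylogger replaying a captured code, or a man-in-the-middle rewriting the amount or payee, gets nothing useful. The following is an added illustration of that idea and is not code from the post or from any product it mentions. It assumes a hypothetical scheme in which a separate device and the bank share a secret, and the code is an HMAC-SHA256 over a monotonically increasing counter plus the transaction details, truncated to 8 digits in the style of HOTP; the secret and the transaction values are constructed for the demo.

```python
import hashlib
import hmac
import struct


def transaction_code(secret: bytes, counter: int, amount: str, payee: str,
                     digits: int = 8) -> str:
    """Derive a one-time code bound to a specific transaction.

    Hypothetical construction: HMAC-SHA256 over (counter || amount || payee),
    truncated HOTP-style to a fixed number of decimal digits. Changing any of
    the bound fields yields a different code, so a code captured by a
    keylogger is useless for any other transaction.
    """
    message = struct.pack(">Q", counter) + amount.encode() + b"\x00" + payee.encode()
    mac = hmac.new(secret, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


class BankVerifier:
    """Server side: accepts a transaction only with a fresh, matching code."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.last_counter = 0                     # highest counter accepted so far

    def submit(self, counter: int, amount: str, payee: str, code: str) -> bool:
        if counter <= self.last_counter:
            return False                          # replay of an already-used code
        expected = transaction_code(self.secret, counter, amount, payee)
        if not hmac.compare_digest(expected, code):
            return False                          # details or code were altered
        self.last_counter = counter
        return True


def demo() -> dict:
    """Walk through a legitimate transfer, a replay, and a tampered transfer.

    The secret and transaction values are constructed for this example.
    """
    secret = b"constructed-shared-secret-for-demo-only"
    bank = BankVerifier(secret)

    # The user's separate device computes the code for exactly this transfer.
    code = transaction_code(secret, 1, "100.00", "ACME-SUPPLIES")
    legit = bank.submit(1, "100.00", "ACME-SUPPLIES", code)

    # A keylogger captured the keystrokes; sending them again does not work.
    replay = bank.submit(1, "100.00", "ACME-SUPPLIES", code)

    # A man-in-the-middle rewrites amount and payee but cannot recompute the code.
    tampered = bank.submit(2, "9000.00", "ATTACKER-ACCOUNT", code)

    return {"legit": legit, "replay": replay, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The detail that matters is that the device displays the amount and payee it is signing, so the user confirms what the bank will see; a code typed on a compromised PC only ever authorises that one transaction, which is what the post means by "OTP hashed transactions".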
