Message-ID: <Pine.LNX.4.21.0705091254210.14619-100000@linuxbox.org>
Date: Wed, 9 May 2007 12:56:32 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: yashks@...il.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Defeating Citibank Virtual Keyboard protection using screenshot
 method

On 7 May 2007 yashks@...il.com wrote:
> Severity: Critical 

Erm, you do realize malware has been doing this for a long long time now,
right?

Virtual keyboards come as a solution for fighting one type of phishing and
one type alone. OCR or screenshots of mouse position on-click, for
example, are happening daily.

In most cases, it isn't really required to take screenshots:
http://blogs.securiteam.com/index.php/archives/678

	Gadi.


> 
> Platforms Affected:
> 
> Microsoft Corporation: Windows 98 Any version 
> Microsoft Corporation: Windows Me Any version 
> Microsoft Corporation: Windows XP Any version
> Microsoft Corporation: Windows 2000 Any version 
> Microsoft Corporation: Windows 2003 Any version 
> Microsoft Corporation: Windows NT 4.0 Any version
> Citi-Bank: Citi-Bank Virtual Keyboard Any version 
> 
> Browsers:
> Microsoft Internet Explorer Any version
> Mozilla Firefox Any version
> Any browser that runs on the Win32 platform (with slight modification)
> 
> Original URL : http://www.tracingbug.com/index.php/articles/view/23.html
> 
> Regards,
> Yash K.S <yashks@...il.com > | www.tracingbug.com
> 
