Message-ID: <Pine.LNX.4.21.0705091727440.14619-100000@linuxbox.org>
Date: Wed, 9 May 2007 17:27:58 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: Jim Harrison <Jim@...tools.org>
Cc: Int3 <yashks@...il.com>, bugtraq@...urityfocus.com
Subject: RE: Defeating Citibank Virtual Keyboard protection using screenshot method
On Wed, 9 May 2007, Jim Harrison wrote:
> Without getting into SMTP latency comparisons...
>
> Perhaps I missed something, but where is the threat demonstrated sans
> code installation?
> I'm not trying to disparage anyone's work, but as you yourself pointed
> out, there is nothing demonstrated here that doesn't qualify as common
> malware.
We are all really in agreement.
>
> -----Original Message-----
> From: Gadi Evron [mailto:ge@...uxbox.org]
> Sent: Wednesday, May 09, 2007 1:42 PM
> To: Jim Harrison
> Cc: Int3; bugtraq@...urityfocus.com
> Subject: RE: Defeating Citibank Virtual Keyboard protection using
> screenshot method
>
> On Wed, 9 May 2007, Jim Harrison wrote:
> > Granted, it's an interesting methodology, but until you can demonstrate
> > circumvention of the CitiBank keylogger without installing code on the
> > victim host, a threat is not indicated and cannot be taken seriously.
>
> Even though I was the first to point out this is old news for the malware
> scene in online/e fraud, I'd be the first to bow down before Int3 and say
> "thank you for sharing your work with us". Many don't.
>
> But your point above:
> "without installing malware on the victim host"
>
> Although true on some level, is bogus for the purpose of this work, as it
> being written makes an automatic assumption on working only after malware
> is installed.
>
> Although you are right, in practice this is already a heavily abused
> technology, and..
> 'Getting malware on a system', who ever heard of such a ridiculous
> idea? :)
>
> Gadi.
>
> >
> > -----Original Message-----
> > From: Int3 [mailto:yashks@...il.com]
> > Sent: Wednesday, May 09, 2007 11:14 AM
> > To: Jim Harrison
> > Cc: bugtraq@...urityfocus.com
> > Subject: Re: Defeating Citibank Virtual Keyboard protection using
> > screenshot method
> >
> >
> > This is not malware, it will only help people to experiment and see the
> > result without writing one for themselves.
> >
> > Regards,
> > Yash K.S
> >
> > On 5/9/07, Jim Harrison <Jim@...tools.org> wrote:
> >
> > (copied here without permission)
> > Step by Step Demo:
> >
> > - Download POC from http://tracingbug.com/downloads/citihook.zip and
> > unzip to some directory
> > - Launch citihook.exe, this will watch only
> > https://www.online.citibank.co.in/ URL
> >
> > Effectively, "Let me install my malware on your machine to demonstrate
> > how vulnerable it is."
> >
> > P-p-p-p-p-p-leeeze (three anti-social points for that quote)!
> > The "problem" ceases to be a vulnerability at this point.
> >
> > -----Original Message-----
> > From: yashks@...il.com [mailto:yashks@...il.com]
> > Sent: Monday, May 07, 2007 3:03 AM
> > To: bugtraq@...urityfocus.com
> >
> > Subject: Defeating Citibank Virtual Keyboard protection using screenshot
> > method
> >
> > Severity: Critical
> >
> > Platforms Affected:
> >
> > Microsoft Corporation: Windows 98 Any version
> > Microsoft Corporation: Windows Me Any version
> > Microsoft Corporation: Windows XP Any version
> > Microsoft Corporation: Windows 2000 Any version
> > Microsoft Corporation: Windows 2003 Any version
> > Microsoft Corporation: Windows NT 4.0 Any version
> > Citi-Bank: Citi-Bank Virtual Keyboard Any version
> >
> > Browsers:
> > Microsoft Internet Explorer Any version
> > Mozilla FireFox Any version
> > Any browser that runs on the Win32 platform (with slight modification)
> >
> > Original URL :
> > http://www.tracingbug.com/index.php/articles/view/23.html
> >
> > Regards,
> > Yash K.S <yashks@...il.com> | www.tracingbug.com
> >
> > All mail to and from this domain is GFI-scanned.