lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <OF6B777912.9630D2A5-ON88257054.006F210D-88257054.006F3522@symantec.com>
Date: Fri Aug  5 21:15:44 2005
From: pferrie at symantec.com (Peter Ferrie)
Subject: Defeating Citi-Bank Virtual Keyboard Protection





>> Recently I discovered a method to defeat the much hyped Citi-Bank
>> Virtual Keyboard Protection which the bank claimed that it defends the
>> customers against malicious programs like keyloggers, Trojans and
>> spywares etc.
>
>Wouldn't that be trivial to snoop on simply by making a trojan / spyware
>application that records a section of screen in the immediate proximity of
>mouse cursor on every mouse click? It's not that resource consuming, and
>easy to arrange.

Something similar was done by variants of the W32/Dumaru family last year.
That was an attack against the e-Gold keypad.
You can read about it here: http://pferrie.tripod.com/vb/dumaru.pdf

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ