lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200508052034228.SM00948@JEFFMILLS>
Date: Sat Aug  6 01:34:35 2005
From: fractalg at highspeedweb.net (fractalg@...hspeedweb.net)
Subject: Defeating Citi-Bank Virtual Keyboard Protection

Hi,
 
>As per my knowledge, there are no such keyloggers or spywares which uses
any technique to defeat virtual keyboards. 
>However, the technique that I am going to discuss here can be used by
malicious program writers to write next generation >viruses / worms to
defeat such virtual keyboard protections.
>Hence, I hope people who are using Virtual Keybords shouldn't stay very
over-confident. 

Very wrong ;) There are such keyloggers in the wild...I had to "decipher"
the logs of a keylogger that was attacking some banks over here. The logs
had all the information, and all the banks in question used virtual
keyboards.
I had no chance to analyse the program...
Virtual keyboards are not the solution. A much "better" alternative is a
stealth program, who proxies the transactions.
Call it a second order trojan, sitting there, stealthy, doing nothing, and
when it seems some interesting transcation, just redirect it to another
account, for example. That would be much harder to detect.
The incident in question wasn't very hard to manage, because we had the
login to the dump site, and logs were deciphered.
That's one of the problems with keyloggers attack, what it captures must be
dumped somewhere.

fG!


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ