Date: Mon Aug  8 16:37:27 2005
From: nicob at nicob.net (Nicob)
Subject: Defeating Citi-Bank Virtual Keyboard Protection

On Friday, 05 August 2005 at 22:50 +0200, Michal Zalewski wrote:

> What I proposed (and I'm sure I'm not innovative here) went along the
> lines of hooking up and intercepting the mouse click button, and then,
> at the exact moment of mouse click, capturing the position of the
> mouse pointer, and a bitmap of its nearest surroundings - ideally,
> before the event is delivered to the browser window.

That's exactly what the PoC demonstrated here is doing:
http://nicob.net/SSTIC05/Demo-SSTIC05.avi

And black-hats are already using this kind of tool ...


Nicob
