lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <228735040512011518o7b5fa823h77c5c14135927a9f@mail.gmail.com>
Date: Thu Dec  1 23:18:49 2005
From: mz4ph0d at gmail.com (mz4ph0d@...il.com)
Subject: Most common keystroke loggers?

At 9:41 AM +1100 2/12/05, Lyal Collins wrote:
>In 1996, this virtual keypad concept was broken by taking 10x10 pixel images
>under the cursor click, showing the number/letters used in that password.
>
>Virtual keypads are just a minor change of tactics, not a long term
>resolution to this risk, imho.


While it's obviously NOT the most secure way, that absolutely
nothing can be considered secure if the system is compromised,
that it would depend on either depending on either Javascript
being enabled on the client-side or using Java (or perhaps
Flash) for the interface elements, and using a random system
to interpret the results (because the interaction with the server
over the network can also likely be parsed), etc, etc ...

What about a system that used a randomly built and placed
keyboard where the button (or more effectively the entire
keyboard, though less usable obviously) went blank on
mouseover and click?

That would at least stop two of those problems, those being
basic keylogging, and screenshots of the hotspot on click.
At least then if a system like this is the only one that is
deemed doable it would be more secure than one that
didn't have those features. Yes? It may as well be on the
higher end of insecure than the lower end, (if "insecure" can
be seen as a scale, as unfortunately it often has to be in the
real world with budgets and stupid management).


Z.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ