Full Disclosure mailing list archives

Re: Defeating Citi-Bank Virtual Keyboard Protection


From: root <lyal.collins () key2it com au>
Date: Sat, 06 Aug 2005 08:27:04 -0400

Peter Ferrie wrote:



>>> Recently I discovered a method to defeat the much hyped Citi-Bank
>>> Virtual Keyboard Protection which the bank claimed that it defends the
>>> customers against malicious programs like keyloggers, Trojans and
>>> spywares etc.
>>
>> Wouldn't that be trivial to snoop on simply by making a trojan / spyware
>> application that records a section of screen in the immediate proximity of
>> mouse cursor on every mouse click? It's not that resource consuming, and
>> easy to arrange.
>
> Something similar was done by variants of the W32/Dumaru family last year.
> That was an attack against the e-Gold keypad.
> You can read about it here: http://pferrie.tripod.com/vb/dumaru.pdf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


This was already done in 1997 in 'proof of concept' form to do the screen capture process, when 2 Australian banks launched on-screen keypads. I understand the demo took an image of around 10 pixels +- the mouse click position.

Nothing terribly new, concept-wise.

Lyal