Full Disclosure mailing list archives

RE: Defeating Citi-Bank Virtual Keyboard Protection


From: Nicob <nicob () nicob net>
Date: Mon, 08 Aug 2005 17:23:58 +0200

On Friday 05 August 2005 at 22:50 +0200, Michal Zalewski wrote:

> What I proposed (and I'm sure I'm not innovative here) went along the
> lines of hooking up and intercepting the mouse click button, and then,
> at the exact moment of mouse click, capturing the position of the
> mouse pointer, and a bitmap of its nearest surroundings - ideally,
> before the event is delivered to the browser window.

That's exactly what the PoC demonstrated here is doing:
http://nicob.net/SSTIC05/Demo-SSTIC05.avi

And black-hats are already using this kind of tool...


Nicob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

