Full Disclosure mailing list archives
RE: Most common keystroke loggers?
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Fri, 2 Dec 2005 01:53:09 +0530
-----Original Message----- From: Blue Boar Sent: Friday, December 02, 2005 12:15 AM To: sjohnston () cavionplus com Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Most common keystroke loggers? Shannon Johnston wrote:
Hi All, I'm looking for input on what you all believe the most common keystroke loggers are. I've been challenged to write an authentication method (for a web site) that can be secure while using a compromised
system.
If, for some reason, you only care about the case where a "keylogger" is
installed,
then you can go with some scheme like making the user pick numbers of a
randomly-scrambled
keypad on the screen, with the mouse.
"Security" and "randomly-scrambled online keypad" are mutually exclusive ;-)
Note, however, that "keyloggers" that grab some portion of the screen
surrounding the
mouse pointer every time you click have already been observed in the
wild. They are
designed to specifically defeat this kind of mechanism.
I posted a similar but yet an effective way of snatching the user credentials directly from the input boxes while the user key'n them in a pre-compromised box. The method shown is bit effective compared to the screenshot grabbers in the sense that it directly get the clear text and the ***** text from the inputbox directly and donsn't save it until the user submit the form. The PoC (defeat-citibank-vk.zip) was created to defeat the virtual keyboard concept of Citi-Bank used world wide. It can be downloaded from the following link - http://www.hackingspirits.com/vuln-rnd/vuln-rnd.html . Presently, the PoC wont work as CitiBank has made little changes in its site after the release of the PoC. - D _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Most common keystroke loggers?, (continued)
- Re: Most common keystroke loggers? php0t (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Lionel Ferette (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 01)
- Re: Most common keystroke loggers? Dave Korn (Dec 01)
- Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
- Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 01)
- Re: Most common keystroke loggers? Kyle Lutze (Dec 01)
- Re: Most common keystroke loggers? Blue Boar (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? mz4ph0d (Dec 01)
- Re: Most common keystroke loggers? mz4ph0d (Dec 01)
- Re: Most common keystroke loggers? Dave Korn (Dec 01)
- RE: [inbox] Re: Most common keystroke loggers? Exibar (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Michael Holstein (Dec 01)