Full Disclosure mailing list archives
Re: Most common keystroke loggers?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Dec 2005 11:33:09 +1300
Gustavo wrote:
If you want to provide reliable authentication, given that the user has a keystroke logger installed, you may simply use a visual keyboard written in Java.
Dude -- you really are out of your depth here...

Barclays (and other UK banks?) were doing this in the late 90s. Within months keyloggers that took screenshots of a small area around the mouse pointer hot-spot were being found.

Some South American banks currently under massive identity theft/keylogging "attack" (like Banco Brasil) apparently don't talk to others in the banking industry, as some have recently started using such "on-screen keyboards" to "defeat" the keylogging attackers that hound their customers. Within a very short time period we saw some of those keyloggers adapt by adding screenshot-grabbing of a small area around the mouse pointer hot-spot.

Seems they talked with uninformed "security consultants" rather than folk who know how systems work, what malware is, what it can do that it may not be doing today and, in this case, what has already been tried and trivially beaten...

If you don't understand that all the I/O on the "compromised" machine (for the types of machine we are talking about) can be intercepted, you shouldn't be trying to answer the OP's question (and if the OP understood that, he would not have asked as he would have realized he was aiming at doing the impossible).

Regards,

Nick FitzGerald