Full Disclosure mailing list archives
RE: Most common keystroke loggers?
From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Fri, 2 Dec 2005 10:09:36 +1100
"Usage once" is not an effeective measure against mitm attacks, as has been discussed earlier in this thread. Give user error message, while executing txn of attacker's choice on the victim site with the legitimate user's authority. How do disputed transactions get resovled in this supposedly more secure framework since 'the authenticaiton is infallible' (marketing speak)? Lyal -----Original Message----- From: deepquest [mailto:adf () code511 com] Sent: Friday, 2 December 2005 9:44 AM To: Lyal Collins Cc: foofus () foofus net; 'Full-Disclosure' Subject: Re: [Full-disclosure] Most common keystroke loggers?
In 1996, this virtual keypad concept was broken by taking 10x10 pixel images under the cursor click, showing the number/letters used in that password. Virtual keypads are just a minor change of tactics, not a long term resolution to this risk, imho.
I agree but what about the second random password and challenge authentification? Both should be unique and usage once. -D _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Most common keystroke loggers?, (continued)
- Re: Most common keystroke loggers? Mike Jones (Dec 01)
- Re: Most common keystroke loggers? Valdis . Kletnieks (Dec 01)
- Re: Most common keystroke loggers? foofus (Dec 01)
- Re: Most common keystroke loggers? Mike Jones (Dec 01)
- Re: Most common keystroke loggers? deepquest (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- Re: Most common keystroke loggers? deepquest (Dec 01)
- Re: Most common keystroke loggers? php0t (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? php0t (Dec 01)
- Re: Most common keystroke loggers? foofus (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Dave Korn (Dec 01)
- Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
- Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 01)
- Re: Most common keystroke loggers? Kyle Lutze (Dec 01)