Full Disclosure mailing list archives
RE: Most common keystroke loggers?
From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Fri, 2 Dec 2005 11:16:21 +1100
Just expand the size of the image captured under the hotspot to include surrounding buttons. If the image shows the values "around" the button clicked, it makes it possible (but less trivial) to infer the value clicked. <humour on> Having a totally blank on-screen keypad might work - let the users guess their own passwords!!! <humour off> Lyal -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of mz4ph0d () gmail com Sent: Friday, 2 December 2005 10:18 AM To: full-disclosure () lists grok org uk Subject: re: [Full-disclosure] Most common keystroke loggers? At 9:41 AM +1100 2/12/05, Lyal Collins wrote:
In 1996, this virtual keypad concept was broken by taking 10x10 pixel images under the cursor click, showing the number/letters used in that password. Virtual keypads are just a minor change of tactics, not a long term resolution to this risk, imho.
[snip] What about a system that used a randomly built and placed keyboard where the button (or more effectively the entire keyboard, though less usable obviously) went blank on mouseover and click? That would at least stop two of those problems, those being basic keylogging, and screenshots of the hotspot on click. At least then if a system like this is the only one that is deemed doable it would be more secure than one that didn't have those features. Yes? It may as well be on the higher end of insecure than the lower end, (if "insecure" can be seen as a scale, as unfortunately it often has to be in the real world with budgets and stupid management). Z. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Most common keystroke loggers?, (continued)
- RE: Most common keystroke loggers? Jan Nielsen (Dec 02)
- RE: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? foofus (Dec 02)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Anonymous Squirrel (Dec 02)
- RE: Most common keystroke loggers? Jan Nielsen (Dec 02)
- Re: Most common keystroke loggers? foofus (Dec 02)
- Re: Re: Most common keystroke loggers? Michael Holstein (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- RE: Most common keystroke loggers? Jeroen van Meeuwen (Dec 02)
- re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- re: Most common keystroke loggers? Frank Knobbe (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- Re: Most common keystroke loggers? Michael Holstein (Dec 02)
- Re: Most common keystroke loggers? ascii (Dec 02)
- Re: Most common keystroke loggers? Rodrigo Barbosa (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 02)
- Re: Most common keystroke loggers? Frank Knobbe (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 02)