WebApp Sec mailing list archives
Re: Re: Defeating Citi-Bank Virtual Keyboard Protection
From: mike () securityfocus com, sharecube () securityfocus com, com () securityfocus com
Date: 15 Aug 2005 11:39:21 -0000
A "true" keylogger isn't exactly what is used in the real world. Modern keyloggers steal only user ids/passwords from specific forms ujsed with specific applications (like web browsers). It is important not to view these exploits as extremely simple or extremely narrowly focused. They are sophisticated and getting ever more sophisticated. They are constantly evolving to bypass firewalls and avoid key log file detection. The purpose of spyware is to steal passwords. They do it by reading forms. It is extremely simple to write a tool that can look at many different applications and access passwords from both Windows, IE, and other browsers such as Firefox. They are more interested in your banking site than in your game zone account login. They don't want IM traffic, casual emails, or even posting at securityfocus.com Mike www.sharecube.com
Current thread:
- RE: Defeating Citi-Bank Virtual Keyboard Protection, (continued)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Andrew van der Stock (Aug 12)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 13)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 12)
- Message not available
- Re: Defeating Citi-Bank Virtual Keyboard Protection Saqib Ali (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection intel96 (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Saqib Ali (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 15)
- Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 14)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Bipin Gautam (Aug 15)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 16)