WebApp Sec mailing list archives

Re: Re: Defeating Citi-Bank Virtual Keyboard Protection

From: mike () securityfocus com, sharecube () securityfocus com, com () securityfocus com
Date: 16 Aug 2005 01:17:40 -0000


Hi Bipin,

I saw your .txt file (although I didn't try the .wmv). The simple trick is to hit the SHIFT and type extra characters 
before you DELETE them and then enter the real data.

The trick would only work for extremely simple keyloggers, say those that were created in 1995. But in 2005, keyloggers 
is just another name for spyware that probably watches Windows, IE forms, and is pretty sophisticated about how it 
filters data.

Mike

Current thread:

RE: Defeating Citi-Bank Virtual Keyboard Protection, (continued)
- - - RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 13)
    - Message not available
    - Re: Defeating Citi-Bank Virtual Keyboard Protection Saqib Ali (Aug 12)
  - Re: Defeating Citi-Bank Virtual Keyboard Protection intel96 (Aug 12)
    - Re: Defeating Citi-Bank Virtual Keyboard Protection Saqib Ali (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection intel96 (Aug 12)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 14)
  - Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 15)
    - Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 14)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection mike (Aug 15)
  - Re: Defeating Citi-Bank Virtual Keyboard Protection Bipin Gautam (Aug 15)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection mike (Aug 16)
  - Re: Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 16)