Bugtraq mailing list archives
Re: Defeating Citibank Virtual Keyboard protection using screenshot method
From: "mailbox () martinelli com" <john () martinelli com>
Date: Thu, 17 May 2007 15:56:39 +0000 (UTC)
If malware is running on the user's computer, can it change the destination of a funds transfer invisibly to the user, and still have the verification work?

Theoretically, this is possible. An advanced client-side MITM attack could be crafted, altering packets on-the-fly and returning a false confirmation page.

i.e.:
normal response: "$100 USD has been transferred from your () email com to evil () hacker com"
altered response: "$100 USD has been transferred from your () email com to your () recipient com"

-John Martinelli
RedLevel.org Security