Full Disclosure mailing list archives
re: Most common keystroke loggers?
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 02 Dec 2005 11:35:16 -0600
On Fri, 2005-12-02 at 10:18 +1100, mz4ph0d () gmail com wrote:
> That would at least stop two of those problems, those being basic keylogging, and screenshots of the hotspot on click.

Why wait for a click? The attacker can just record all screen activity in an AVI file and upload that. No need to wait for clicks.

Other options would be audible passwords, but the attacker could also record all sound. There might be optical effects tricks that could be employed that play on things like the latency of a retina or whatnot. Flash a series of random numbers on the screen while giving one number a bit longer time. The pattern might appear to the human eye like that number, while it *may* defeat screen recordings. (frequency of display changes and attacker recording screen data would be the same for the attacker to interpret the visual effect exactly like the user).

At the end of the day, one-time-passwords for login *and* transactions are probably the only real solution to prevent replay and mitm attacks (the latter using OTP hashed transactions).

Cheers,
Frank

--
It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
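
An added illustration (not part of the original post or thread) of the message's closing point: a counter-based one-time code computed over the transaction details, so that a code captured by a screen or keystroke recorder cannot be replayed or reused for an altered transaction. The HOTP-style construction, the function and class names, the key and the transaction string are all assumptions made for this sketch.

```python
import hashlib
import hmac
import struct


def txn_otp(key: bytes, counter: int, txn: str, digits: int = 8) -> str:
    """One-time code bound to a counter AND the transaction text.

    Assumed construction: HMAC-SHA256 over counter || SHA-256(txn),
    reduced with RFC 4226-style dynamic truncation.
    """
    msg = struct.pack(">Q", counter) + hashlib.sha256(txn.encode()).digest()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: every counter value is accepted at most once."""

    def __init__(self, key: bytes, window: int = 3):
        self.key = key
        self.next_counter = 0
        self.window = window  # tolerated drift between token and server

    def verify(self, txn: str, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            if hmac.compare_digest(txn_otp(self.key, c, txn), code):
                self.next_counter = c + 1  # burn this counter and all earlier ones
                return True
        return False


def demo() -> dict:
    key = bytes(range(32))  # constructed sample key, shared by token and server
    server = Verifier(key)
    txn = "payee=ACME;acct=12345678;amount=100.00;cur=USD"  # constructed sample
    code = txn_otp(key, 0, txn)  # computed on the user's token, then typed in
    results = {}
    # Transaction altered in transit, user's code forwarded unchanged: rejected.
    results["tampered"] = server.verify(txn.replace("12345678", "99999999"), code)
    # The transaction the user actually approved: accepted once.
    results["genuine"] = server.verify(txn, code)
    # Same code and transaction submitted again from a recording: rejected.
    results["replay"] = server.verify(txn, code)
    return results


if __name__ == "__main__":
    print(demo())
```

A recorded code is useless after the fact in this sketch because the server has already advanced past its counter, and useless for a different payee or amount because those fields are inside the MAC.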