Full Disclosure mailing list archives

Re: Most common keystroke loggers?


From: <mz4ph0d () gmail com>
Date: Fri, 2 Dec 2005 12:39:56 +1100

Nick Fitzgerald wrote:
You are deeply confused if you think "is totally trivial and hasn't
been attacked _yet_" is in any meaningful way "more secure"
than "is equally trivial and has already been broken".


And if that was what I was talking about, fair enough, but seeing
as I'm not ... all I was suggesting was something to help with the
situation where what was being employed was a compromise
that had a) a keystroke logger, and b) click hotspot screenshot
mechanism. It obviously (and though you did seem to have read
the entire post, thanks for that, you missed that I was at least
implying exactly this) doesn't help at all if you are dealing with
a more complex problem than that. I probably didn't make that
clear as I pretty much thought that was a given.

Some said "an onscreen random keypad" and others replied
"10 x 10px hotspot screenshots", so that's the exact problem
I looked at: one possible way of addressing that particular and
limited problem. At no time did I suggest that it helped with
other problems that may be present, or made the solution
somehow now magically secure.

I also don't see how having a button change to be blank after
mousing over it affects people with fine motor skills. The
whole keyboard yes, a single button, no. Seriously visually
impaired people will have problems with *any* kind of
online keypad that is trying to obfuscate what the buttons
do apart from what they look like (because you would be
removing the tags used by the browser for accessibility
purposes anyway).

There is NO solution that will fully protect any login system
against a compromised machine if that machine is being
monitored and the compromise in place is being dynamically
updated to suit the needs of the attacker. That is also a given.
It may on the other hand help if you are dealing with a machine
that has a piece of malware on it that installed a keystroke
logger that is capable of hotspot screenshots and is not
dynamically updating. It also may make the output from the
machine uninteresting enough to the attacker to not bother
trying to further compromise the machine in question to
install things to do the more complex forms of attack that
you are talking about.


(Note, I didn't feel the need to once insult you or "strong arm"
you into being quiet. You are obviously an extremely intelligent
and knowledgeable guy, with a lot of experience in this area,
why the need for the attitude?)


Z.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

