Full Disclosure mailing list archives
RE: Defeating Citi-Bank Virtual Keyboard Protection
From: Nicob <nicob () nicob net>
Date: Mon, 08 Aug 2005 17:23:58 +0200
Le vendredi 05 août 2005 à 22:50 +0200, Michal Zalewski a écrit :
What I proposed (and I'm sure I'm not innovative here) went along the lines of hooking up and intercepting the mouse click button, and then, at the exact moment of mouse click, capturing the position of the mouse pointer, and a bitmap of its nearest surroundings - ideally, before the event is delivered to the browser window.
That's exactly what the PoC demonstrated here is doing : http://nicob.net/SSTIC05/Demo-SSTIC05.avi And black-hats are already using this kind of tools ... Nicob _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Defeating Citi-Bank Virtual Keyboard Protection, (continued)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Michal Zalewski (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Aditya Deshmukh (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection fractalg (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Peter Ferrie (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection root (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection root (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Michal Zalewski (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Aditya Deshmukh (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection root (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Nicob (Aug 08)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Bart Lansing (Aug 08)