Full Disclosure mailing list archives

RE: Most common keystroke loggers?


From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Fri, 2 Dec 2005 10:09:36 +1100

"Usage once" is not an effective measure against mitm attacks, as has been
discussed earlier in this thread.
Give user error message, while executing txn of attacker's choice on the
victim site with the legitimate user's authority.

How do disputed transactions get resolved in this supposedly more secure
framework since 'the authentication is infallible' (marketing speak)?

Lyal



-----Original Message-----
From: deepquest [mailto:adf () code511 com] 
Sent: Friday, 2 December 2005 9:44 AM
To: Lyal Collins
Cc: foofus () foofus net; 'Full-Disclosure'
Subject: Re: [Full-disclosure] Most common keystroke loggers?



In 1996, this virtual keypad concept was broken by taking 10x10 pixel images
under the cursor click, showing the number/letters used in that password.

Virtual keypads are just a minor change of tactics, not a long term
resolution to this risk, imho.

I agree but what about the second random password and challenge
authentication? Both should be unique and usage once.

-D

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

