WebApp Sec mailing list archives
Re: Re: Defeating Citi-Bank Virtual Keyboard Protection
From: F Lace <flace9 () gmail com>
Date: Tue, 16 Aug 2005 14:20:27 +0530
The trick would only work for extremely simple keyloggers, say those that were created in 1995. But in 2005, keyloggers is just another name for spyware that probably watches Windows, IE forms, and is pretty sophisticated about how it filters data.
Mike I posted this on another thread - if the spyware is reading IE forms then this can be worked around by encrypting, say MD5ing, the password field. So a virtual keyboard(to protect against keyloggers) plus encrypted password field(to protect against IE form readers) is enough for a good defence against password spywares. What do you think? Do you know or can you think of any mechanism that can defeat this defence scheme? --f
Current thread:
- Re: Defeating Citi-Bank Virtual Keyboard Protection, (continued)
- Message not available
- Re: Defeating Citi-Bank Virtual Keyboard Protection Saqib Ali (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection intel96 (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Saqib Ali (Aug 12)
- Re: Defeating Citi-Bank Virtual Keyboard Protection intel96 (Aug 12)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 14)
- Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 15)
- Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 14)
- Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 15)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection mike (Aug 15)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Bipin Gautam (Aug 15)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection mike (Aug 16)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 16)