|
Full Disclosure
mailing list archives
RE: Most common keystroke loggers?
From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Fri, 2 Dec 2005 09:41:55 +1100
In 1996, this virtual keypad concept was broken by taking 10x10 pixel images
under the cursor click, showing the number/letters used in that password.
Virtual keypads are just a minor change of tactics, not a long term
resolution to this risk, imho.
Lyal
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of deepquest
Sent: Friday, 2 December 2005 9:26 AM
To: foofus () foofus net
Cc: Full-Disclosure
Subject: Re: [Full-disclosure] Most common keystroke loggers?
To me the only thing that can defeat keystroke is what a software or
trojan can not do: See (OCR is just a partial application of guess
but not applicable in that case)
Imagine a web page with a virtual keyboard page (clickable). In order
to prevent the localisation on the keys mapping based on position of
the mouse, display the keyboard on random location of the screen. Add
a random password and challenge authentication process.
my 2 cents,
Deepquest
"Justification of windows usage is a combinaison of Stockholm Syndrome and
cognitive dissonance."
--------------------------------------------------------------
Propaganda http://deepquest.code511.com/blog
FIB http://www.futureisbeta.com
PGP DH/DSS http://www.futureisbeta.com/pgp
--------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Most common keystroke loggers?, (continued)
|
Intro
