|
WebApp Sec
mailing list archives
Re: Re: Defeating Citi-Bank Virtual Keyboard Protection
From: mike () securityfocus com, sharecube () securityfocus com, com () securityfocus com
Date: 15 Aug 2005 11:39:21 -0000
A "true" keylogger isn't exactly what is used in the real world. Modern keyloggers steal only user ids/passwords from
specific forms ujsed with specific applications (like web browsers).
It is important not to view these exploits as extremely simple or extremely narrowly focused. They are sophisticated
and getting ever more sophisticated. They are constantly evolving to bypass firewalls and avoid key log file detection.
The purpose of spyware is to steal passwords. They do it by reading forms. It is extremely simple to write a tool that
can look at many different applications and access passwords from both Windows, IE, and other browsers such as Firefox.
They are more interested in your banking site than in your game zone account login. They don't want IM traffic, casual
emails, or even posting at securityfocus.com
Mike
www.sharecube.com
 By Date 
By Thread
Current thread:
- Re: Defeating Citi-Bank Virtual Keyboard Protection, (continued)
|
Intro
