WebApp Sec: Re: Re: Defeating Citi-Bank Virtual Keyboard Protection

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Re: Defeating Citi-Bank Virtual Keyboard Protection

From: mike () securityfocus com, sharecube () securityfocus com, com () securityfocus com
Date: 16 Aug 2005 01:17:40 -0000


Hi Bipin,

I saw your .txt file (although I didn't try the .wmv). The simple trick is to hit the SHIFT and type extra characters 
before you DELETE them and then enter the real data.

The trick would only work for extremely simple keyloggers, say those that were created in 1995. But in 2005, keyloggers 
is just another name for spyware that probably watches Windows, IE forms, and is pretty sophisticated about how it 
filters data.

Mike

By Date By Thread

Current thread:

RE: Defeating Citi-Bank Virtual Keyboard Protection, (continued)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 14)
  - Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 15)
    - Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 14)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection mike (Aug 15)
  - Re: Defeating Citi-Bank Virtual Keyboard Protection Bipin Gautam (Aug 15)
- Re: Re: Defeating Citi-Bank Virtual Keyboard Protection mike (Aug 16)
  - Re: Re: Defeating Citi-Bank Virtual Keyboard Protection F Lace (Aug 16)