WebApp Sec
mailing list archives
Re: Re: Defeating Citi-Bank Virtual Keyboard Protection
From: F Lace <flace9 () gmail com>
Date: Tue, 16 Aug 2005 14:20:27 +0530
The trick would only work for extremely simple keyloggers, say those that were created in 1995. But in 2005,
keylogger is just another name for spyware that probably watches Windows, IE forms, and is pretty sophisticated
about how it filters data.
Mike
I posted this on another thread - if the spyware is reading IE forms
then this can be worked around by encrypting, say MD5ing, the password
field. So a virtual keyboard (to protect against keyloggers) plus
encrypted password field (to protect against IE form readers) is enough
for a good defence against password spyware. What do you think? Do
you know or can you think of any mechanism that can defeat this
defence scheme?
--f
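
An added example, not part of the original post: a model of what the password form field holds under the MD5 scheme proposed above versus a field value bound to a per-login server nonce, checking whether a value seen in the field is accepted at a later login. The server classes, function names, the HMAC-SHA256 construction and the sample password are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse 42"  # constructed sample credential

def md5_field(password):
    # Value the form field holds if the page MD5s the password before submit.
    return hashlib.md5(password.encode()).hexdigest()

def nonce_field(password, nonce):
    # Field value bound to one server-issued nonce (HMAC-SHA256 is an assumption).
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

class StaticDigestServer:
    """Hypothetical server that stores MD5(password) and compares the field to it."""
    def __init__(self, password):
        self.stored = md5_field(password)
    def login(self, field):
        return hmac.compare_digest(field, self.stored)

class NonceServer:
    """Hypothetical server that issues a single-use random nonce per login page."""
    def __init__(self, password):
        self.password = password
        self.pending = set()
    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce
    def login(self, nonce, field):
        if nonce not in self.pending:
            return False          # unknown or already used nonce
        self.pending.discard(nonce)
        return hmac.compare_digest(field, nonce_field(self.password, nonce))

def compare_schemes():
    static = StaticDigestServer(PASSWORD)
    observed = md5_field(PASSWORD)            # what sits in the form field
    srv = NonceServer(PASSWORD)
    n1 = srv.challenge()
    bound = nonce_field(PASSWORD, n1)         # field value for this login only
    return {
        "static_value_accepted_again": static.login(observed) and static.login(observed),
        "nonce_first_use": srv.login(n1, bound),
        "nonce_value_same_nonce_again": srv.login(n1, bound),
        "nonce_value_on_new_nonce": srv.login(srv.challenge(), bound),
    }
```

The static digest is the same on every login, so the field value itself acts as the credential. The nonce variant only changes what the form field holds; anything able to read the password before the digest is computed is outside what this models.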