RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

From: Nicob (nicob_at_nicob.net)
Date: 08/08/05

  • Next message: Daniel H. Renner: "Re: [Full-disclosure] perfect security architecture (network)"
    To: full-disclosure@lists.grok.org.uk
    Date: Mon, 08 Aug 2005 17:23:58 +0200
    
    

    On Friday 05 August 2005 at 22:50 +0200, Michal Zalewski wrote:

    > What I proposed (and I'm sure I'm not innovative here) went along the
    > lines of hooking up and intercepting the mouse click button, and then,
    > at the exact moment of mouse click, capturing the position of the
    > mouse pointer, and a bitmap of its nearest surroundings - ideally,
    > before the event is delivered to the browser window.

    That's exactly what the PoC demonstrated here is doing:
    http://nicob.net/SSTIC05/Demo-SSTIC05.avi

    And black-hats are already using this kind of tool ...

    Nicob

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

