[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

To: Jeremy Bishop <requiem@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Date: Fri, 5 Aug 2005 22:56:25 +0200 (CEST)

On Fri, 5 Aug 2005, Jeremy Bishop wrote:

> You'd need to squeeze in some OCR code as well, or figure it out
> manually (or maybe use the same techniques as for getting around
> "captchas").

Well, if carders can be bothered to review hours of recorded material from
ATM-mounted cameras to grab PINs, they would be more than happy to review
some JPEGs by hand; make the logger activate only when a specific group of
SSL sites is displayed - and voila, live and prosper (then eventually go
to jail).

/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
  - From: Debasis Mohanty
- Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
  - From: Michal Zalewski
- Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
  - From: Jeremy Bishop

Prev by Date: RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
Next by Date: [Full-disclosure] iDEFENSE Security Advisory 08.05.05: EMC Navisphere Manager Directory Traversal Vulnerability
Previous by thread: Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
Next by thread: RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
Index(es):
- Date
- Thread