Re: Defeating Citibank Virtual Keyboard protection using screens
On 7 May 2007 yashks@gmail.com wrote:
> Severity: Critical
Erm, you do realize malware has been doing this for a long long time now,
right?
Virtual keyboards come as a solution for fighting one type of phishing and
one type alone. OCR or screenshots of mouse position on-click, for
example, are happening daily.
In most cases, it isn't really required to take screenshots:
http://blogs.securiteam.com/index.php/archives/678
Gadi.
>
> Platforms Affected:
>
> Microsoft Corporation: Windows 98 Any version
> Microsoft Corporation: Windows Me Any version
> Microsoft Corporation: Windows XP Any version
> Microsoft Corporation: Windows 2000 Any version
> Microsoft Corporation: Windows 2003 Any version
> Microsoft Corporation: Windows NT 4.0 Any version
> Citi-Bank: Citi-Bank Virtual Keyboard Any version
>
> Browsers:
> Microsoft Internet Explorer Any version
> Mozilla FireFox Any version
> Any browser runs on Win32 platform ( With slight modification )
>
> Original URL : http://www.tracingbug.com/index.php/articles/view/23.html
>
> Regards,
> Yash K.S <yashks@gmail.com > | www.tracingbug.com
>
討論串 (同標題文章)
完整討論串 (本文為第 2 之 14 篇):