|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
From: Michal Zalewski (lcamtuf
dione.ids.pl)
Date: Fri Aug 05 2005 - 15:56:25 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 5 Aug 2005, Jeremy Bishop wrote:
> You'd need to squeeze in some OCR code as well, or figure it out
> manually (or maybe use the same techniques as for getting around
> "captchas").
Well, if carders can be bothered to review hours of recorded material from
ATM-mounted cameras to grab PINs, they would be more than happy to review
some JPEGs by hand; make the logger activate only when a specific group of
SSL sites is displayed - and voila, live and prosper (then eventually go
to jail).
/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]