RE: Defeating Citibank Virtual Keyboard protection using screenshot method

To: "Int3" <yashks@xxxxxxxxx>
Subject: RE: Defeating Citibank Virtual Keyboard protection using screenshot method
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
Date: Wed, 9 May 2007 11:25:22 -0700
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
In-reply-to: <d92471360705091114pdb5416cp18ea80367c5e80fc@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070507100243.16064.qmail@xxxxxxxxxxxxxxxxx> <4C12C33FB9D17644817F45CDE1966274146D53@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <d92471360705091114pdb5416cp18ea80367c5e80fc@xxxxxxxxxxxxxx>
Thread-index: AceSZeMm7PncxhQQRsyycAMWCcroGgAAOSbw
Thread-topic: Defeating Citibank Virtual Keyboard protection using screenshot method

Granted, it's an interesting methodology, but until you can demonstrate
circumvention of the CitiBank keylogger without installing code on the
victim host, a threat is not indicated and cannot be taken seriously.

-----Original Message-----
From: Int3 [mailto:yashks@xxxxxxxxx] 
Sent: Wednesday, May 09, 2007 11:14 AM
To: Jim Harrison
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Defeating Citibank Virtual Keyboard protection using
screenshot method

 
This is not malware, it will only help people to experiment and see the
result without writing one for themself. 
 
Regards,
Yash K.S
 
On 5/9/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: 

        (copied here without permission)
        Step by Step Demo:
        
        - Download POC from http://tracingbug.com/downloads/citihook.zip
<http://tracingbug.com/downloads/citihook.zip>  and
        unzip to some directory
        - Launch citihook.exe, this will watch only
        https://www.online.citibank.co.in/ URL
        
        Effectively, "Let me install my malware on your machine to
demonstrate
        how vulnerable it is."
        
        P-p-p-p-p-p-leeeze (three anti-social points for that quote)!
        The "problem" ceases to be a vulnerability at this point. 
        
        -----Original Message-----
        From: yashks@xxxxxxxxx [mailto:yashks@xxxxxxxxx]
        Sent: Monday, May 07, 2007 3:03 AM
        To: bugtraq@xxxxxxxxxxxxxxxxx <mailto:bugtraq@xxxxxxxxxxxxxxxxx>

        Subject: Defeating Citibank Virtual Keyboard protection using
screenshot
        method
        
        Severity: Critical
        
        Platforms Affected:
        
        Microsoft Corporation: Windows 98 Any version 
        Microsoft Corporation: Windows Me Any version
        Microsoft Corporation: Windows XP Any version
        Microsoft Corporation: Windows 2000 Any version
        Microsoft Corporation: Windows 2003 Any version
        Microsoft Corporation: Windows NT 4.0 Any version
        Citi-Bank: Citi-Bank Virtual Keyboard Any version
        
        Browsers:
        Microsoft Internet Explorer Any version
        Mozilla FireFox Any version
        Any browser runs on Win32 platform ( With slight modification ) 
        
        Original URL :
http://www.tracingbug.com/index.php/articles/view/23.html
        
        Regards,
        Yash K.S <yashks@xxxxxxxxx > | www.tracingbug.com
        
        All mail to and from this domain is GFI-scanned.
        
        



All mail to and from this domain is GFI-scanned.

Follow-Ups:
- RE: Defeating Citibank Virtual Keyboard protection using screenshot method
  - From: Gadi Evron

References:
- Defeating Citibank Virtual Keyboard protection using screenshot method
  - From: yashks
- RE: Defeating Citibank Virtual Keyboard protection using screenshot method
  - From: Jim Harrison

Prev by Date: RE: Defeating Citibank Virtual Keyboard protection using screenshot method
Next by Date: [ MDKSA-2007:100 ] - Updated bind packages fix vulnerability
Previous by thread: RE: Defeating Citibank Virtual Keyboard protection using screenshot method
Next by thread: RE: Defeating Citibank Virtual Keyboard protection using screenshot method
Index(es):
- Date
- Thread