|
|
BugTraq
Defeating Citibank Virtual Keyboard protection using screenshot method May 07 2007 10:02AM yashks gmail com (4 replies) Re: Defeating Citibank Virtual Keyboard protection using screenshot method May 10 2007 10:53PM Jan Heisterkamp (janheisterkamp web de) Re: Defeating Citibank Virtual Keyboard protection using screenshot method May 09 2007 05:56PM Gadi Evron (ge linuxbox org) Re: Defeating Citibank Virtual Keyboard protection using screenshot method May 09 2007 05:53PM Reversemode (advisories reversemode com) |
|
Privacy Statement |
Step by Step Demo:
- Download POC from http://tracingbug.com/downloads/citihook.zip and
unzip to some directory
- Launch citihook.exe, this will watch only
https://www.online.citibank.co.in/ URL
Effectively, "Let me install my malware on your machine to demonstrate
how vulnerable it is."
P-p-p-p-p-p-leeeze (three anti-social points for that quote)!
The "problem" ceases to be a vulnerability at this point.
-----Original Message-----
From: yashks (at) gmail (dot) com [email concealed] [mailto:yashks (at) gmail (dot) com [email concealed]]
Sent: Monday, May 07, 2007 3:03 AM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Defeating Citibank Virtual Keyboard protection using screenshot
method
Severity: Critical
Platforms Affected:
Microsoft Corporation: Windows 98 Any version
Microsoft Corporation: Windows Me Any version
Microsoft Corporation: Windows XP Any version
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0 Any version
Citi-Bank: Citi-Bank Virtual Keyboard Any version
Browsers:
Microsoft Internet Explorer Any version
Mozilla FireFox Any version
Any browser runs on Win32 platform ( With slight modification )
Original URL : http://www.tracingbug.com/index.php/articles/view/23.html
Regards,
Yash K.S <yashks (at) gmail (dot) com [email concealed] > | www.tracingbug.com
All mail to and from this domain is GFI-scanned.
[ reply ]