[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CONTEST: Name That Program! (no-brainer)



At 1:29 PM 1/29/96, cjs wrote:
>> As you may have read in my previous message, First Virtual has developed
>> and demonstrated a program that completely undermines all known schemes
>> for using software-encrypted credit cards on the Internet.  More details
>> are avialable at http://www.fv.com/ccdanger.
>>
>> That was the easy part.
>
>***ROFL***
>
>This "pre-encryption" program is not a virus. It attaches to the
>keyboard driver and captures keystrokes from the keyboard as they are
>typed -- BEFORE they can be encrypted by the application encryption
>software. First Virtual scientists note that credit a check-digit. A
>greater danger is that passwords are also as easily captured.
>
>***ROFL***

Umm - that is not news, it's an old hacker trick originally used for
scamming login/passwd pairs.

I've seen this done as either a patch to the telcom program used in a
public lab on campus (this was actually quite clever - it'd wait till you
completed your login and then email the cracker your login/passwd while
simultaneously keeping the information from appearing on screen.  It even
kept his email address encrypted so I had to use a debugger to find it) or
as a TSR or Macintosh extension.

2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.