From: jpb@miamisci.org (Joe Block)
Date: Tue, 30 Jan 1996 13:08:00 +0800
To: cjs@netcom.com (cjs)
Subject: Re: CONTEST:  Name That Program! (no-brainer)
Message-ID: <v01520c04ad332e13000a@[199.227.1.134]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:29 PM 1/29/96, cjs wrote:
>> As you may have read in my previous message, First Virtual has developed
>> and demonstrated a program that completely undermines all known schemes
>> for using software-encrypted credit cards on the Internet.  More details
>> are avialable at http://www.fv.com/ccdanger.
>>
>> That was the easy part.
>
>***ROFL***
>
>This "pre-encryption" program is not a virus. It attaches to the
>keyboard driver and captures keystrokes from the keyboard as they are
>typed -- BEFORE they can be encrypted by the application encryption
>software. First Virtual scientists note that credit a check-digit. A
>greater danger is that passwords are also as easily captured.
>
>***ROFL***

Umm - that is not news, it's an old hacker trick originally used for
scamming login/passwd pairs.

I've seen this done as either a patch to the telcom program used in a
public lab on campus (this was actually quite clever - it'd wait till you
completed your login and then email the cracker your login/passwd while
simultaneously keeping the information from appearing on screen.  It even
kept his email address encrypted so I had to use a debugger to find it) or
as a TSR or Macintosh extension.

2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.