Wednesday, January 9, 2008

Flaw in On Screen Keyboard provided on Bank Sites

There was a time when key-logging software was used on public computers to steal bank account passwords. Now, to provide security against keyloggers, banks have come up with the idea of on-screen keyboards. These allow the user to select characters from an on-screen keyboard rather than typing them.
But I think that this new on-screen keyboard scheme is more prone to attack as compared to a keylogger.
How? Well, someone can install a camera. Or there is software that can record user activity to a video file. Also, when you select a character from an on-screen keyboard, a sound is generated. A combination of video showing your mouse movements and click sounds can reveal your password.
So the moral of the story is: never, never access your bank's site on a public computer.

