| Author |
Message |
testy1
Involved
Joined: Apr 06, 2008
Posts: 483
|
 Posted:
Fri Feb 20, 2009 7:42 pm |
 
|
I was on my online banking set up and noticed they have upgraded there security with new features and thought it could be used somehow in RN.Now this is just a thought so bare with me.
I have provided an image to show you as well as a complete working example.
Image:
Working Example:
basically the password is input via the js keyboard,Is this helpfull in anyway or just a waste of time?
Maybe when you click the admin link of your site a popup or login would display this keyboard. |
|
|
|
|
Palbin
Site Admin
Joined: Mar 30, 2006
Posts: 2456
Location: Pittsburgh, Pennsylvania
|
| Posted:
Fri Feb 20, 2009 7:53 pm |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Sat Feb 21, 2009 12:37 am |
|
Would make it harder, but not impossible to subvert. Since JavaScript runs on the client-side, it would be hard to validate whether input is coming from the place you intend |
|
|
|
|
Unit1
Worker
Joined: Oct 26, 2004
Posts: 134
Location: Boston
|
| Posted:
Sat Feb 21, 2009 10:00 am |
|
testy1 the same interface can be done in Firefox. I use it, Enter text with a Greasemonkey-powered virtual keyboard. Using a virtual keyboard isn't an absolute guarantee against having your login and password lifted—thieves can be rather resourceful, of course—but it is a good defense against hardware and basic software key-loggers. Virtual Keyboard Interface is a Greasemonkey script.
Greasemonkey Plugin For Firefox here
About virtual keyboard here
Source Code here
|
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Sat Feb 21, 2009 1:31 pm |
|
Just a general caution with regards to Greasemonkey folks (not saying this to you Unit1, but to folks who may not know its full use). Be extremely careful as to what scripts you download/accept to be used with it. As always, know exactly what it is you are downloading and installing before you finally commit to going "all the way". Very powerful tool in the hands of a security analyst and hackers alike, with a few other "gems" like what Unit1 has found. |
|
|
|
|
|
Unit1
Worker
Joined: Oct 26, 2004
Posts: 134
Location: Boston
|
| Posted:
Sat Feb 21, 2009 2:55 pm |
|
| montego wrote: | | Just a general caution with regards to Greasemonkey folks (not saying this to you Unit1, but to folks who may not know its full use). Be extremely careful as to what scripts you download/accept to be used with it. As always, know exactly what it is you are downloading and installing before you finally commit to going "all the way". Very powerful tool in the hands of a security analyst and hackers alike, with a few other "gems" like what Unit1 has found. |
Thanks for the extra info montego  Just goes to show everyone how you all are willing to take time out from your life to keep us up to date with the info we need to be safe.  |
|
|
|
|
|
testy1
Involved
Joined: Apr 06, 2008
Posts: 483
|
| Posted:
Sat Feb 21, 2009 6:08 pm |
|
| Unit1 wrote: | testy1 the same interface can be done in Firefox. I use it, Enter text with a Greasemonkey-powered virtual keyboard. Using a virtual keyboard isn't an absolute guarantee against having your login and password lifted—thieves can be rather resourceful, of course—but it is a good defense against hardware and basic software key-loggers. Virtual Keyboard Interface is a Greasemonkey script.
Greasemonkey Plugin For Firefox here
About virtual keyboard here
Source Code here
|
There is no absolute guarantee but this is different to grease monkey, grease monkey is just an enhancement |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Mon Feb 23, 2009 6:07 am |
|
Let me be clear. It absolutely is the same FireFox add-on and you need to be extremely careful which user scripts you allow it to load in! Trust me. This thing has its roots within the security analysis and hacker world. A script run through Greasemonkey can do pretty much anything it wants to do. I am just saying, know what it is you load into it. |
|
|
|
|
|
testy1
Involved
Joined: Apr 06, 2008
Posts: 483
|
| Posted:
Mon Feb 23, 2009 7:44 am |
|
sorry I should have been clearer.....
I meant it wasn't through grease monkey it is actually hard coded...But I also know what your saying, If that makes any more sense  |
|
|
|
|
|
Unit1
Worker
Joined: Oct 26, 2004
Posts: 134
Location: Boston
|
| Posted:
Mon Feb 23, 2009 11:02 am |
|
| montego wrote: | | Let me be clear. It absolutely is the same FireFox add-on and you need to be extremely careful which user scripts you allow it to load in! Trust me. This thing has its roots within the security analysis and hacker world. A script run through Greasemonkey can do pretty much anything it wants to do. I am just saying, know what it is you load into it. |
So from your point the one I am using is it safe? I hate to post something here and come to find out I posted something that should not be used? |
|
|
|
|
|
testy1
Involved
Joined: Apr 06, 2008
Posts: 483
|
| Posted:
Mon Feb 23, 2009 4:08 pm |
|
To be honest I dont like using grease monkey as you can never really trust the author of the plugins.All I am saying is the one I was testing was hard coded javascript file which is really no different to any other script you run on your site.
I don't no enough about grease monkey but have heard some stories so I choose to stay away from it altogether.Montego could probably fill you in a little more. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Mon Feb 23, 2009 6:03 pm |
|
Well, I don't have time, unfortunately, to review GreaseMonkey scripts. Sorry. I was just serving the community at large with a warning just to be careful with it and especially others' scripts. Also be aware that I believe there is an auto-run/load type feature, that if you are not careful, and visit a site with the malicious code, you could end up installing/running it. It really is that powerful, and thus, dangerous. I leave it disabled unless I absolutely have a specific need for it. |
|
|
|
|
|
Unit1
Worker
Joined: Oct 26, 2004
Posts: 134
Location: Boston
|
| Posted:
Mon Feb 23, 2009 7:28 pm |
|
GreaseMonkey script disabled
Thanks  |
|
|
|
|
|
sexycoder
Spammer and overall low life
Joined: Feb 02, 2009
Posts: 82
|
| Posted:
Sun Jun 21, 2009 7:33 pm |
|
I dont think Grease Monkey is a malicious script but it could be others modify it and make it dangerous and that is always u need to know where u download it. I always take GreaseMonkey from the author and I never had anyproblem. Just to mention it. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Thu Jun 25, 2009 8:09 pm |
|
sexycoder, its not the GreaseMonkey FireFox plug-in that is the problem. It is the wealth of GreaseMonkey scripts that are available for download just about anywhere and everywhere and in some cases, you are unaware that the script you downloaded just automatically ran... there are other such security issues as well. GreaseMonkey is so powerful, that the wrong script at the wrong time with someone who doesn't know any better how to protect themselves could get into some serious hot water.
Enough said from me on this. You have been warned. |
|
|
|
|
|
eldorado
Involved
Joined: Sep 10, 2008
Posts: 414
Location: France,Translator
|
| Posted:
Fri Jun 26, 2009 12:47 am |
|
my input , the virtual keyboard from google.load() 
code snippet : | Code: |
/*
* How to setup two keyboards for different textareas.
*/
google.load("elements", "1", {packages: "keyboard"});
function onLoad() {
var content = document.getElementById('content');
// Create the HTML for out text area
content.innerHTML = '<div><i>(Scroll down)</i> ' +
'Type Hindi in one textarea and type Arabic in the other.</div>' +
'<textarea id="t1" style="width: 300px; ' +
'height: 100px;"></textarea> ' +
'<textarea id="t2" style="width: 300px; ' +
'height: 100px; direction: rtl;"></textarea> ';
var kbd1 = new google.elements.keyboard.Keyboard(
[google.elements.keyboard.LayoutCode.HINDI],
['t1']);
var kbd2 = new google.elements.keyboard.Keyboard(
[google.elements.keyboard.LayoutCode.ARABIC],
['t2']);
}
google.setOnLoadCallback(onLoad);
|
the only problems would be to keep up with google's code and them providing all keyboard set.
the only downside about google.load() is that you rely on their hosting.however I don't see google going down tomorow |
|
|
 |
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
