On Wed, Dec 18, 2024 at 09:10:23AM +0000, Michael Kjörling wrote: > On 17 Dec 2024 21:41 -0600, from deb...@lionunicorn.co.uk (David Wright): > > As you have to select the subset from some listboxes with a mouse, > > I would guess that the step is designed to defeat key-logging. > > If someone has maliciously installed a keylogger, there's also likely > some kind of screen recording software, so this seems like security > theater.
Nowadays, with browsers, you can even get better than just "screen recording". Think, e.g. Selenium, which can record "clickstreams" on a browser with reference to the DOM objects (is usually used for testing, but hey). When doing "security analysis", I tend to lump "compromised client" into one category. Cheers -- t
signature.asc
Description: PGP signature
