Slashdot Mirror


Transec, a Secure Authentication Tag Library

Lado Kumsiashvili writes, "Micromata has placed Transec, a secure authentication JSP tag library, under the GPL. While developing the Polyas (German) online voting system, Micromata invented a component for secure PIN/password input via untrusted, insecure browsers. Transec is freely embeddable and redistributable for non-commercial projects; a commercial license is also available. Spyware in the form of Browser Helper Objects and keyloggers can capture user keyboard input even if it is encrypted. Transec enables user authentication using a 100% server-side control — only images and coordinates are transferred to the untrusted browser. The browser sends coordinate information of each click on this imagemap directly back to the server, and the server responds with a new image. If the browser is infected by malware, it can't give up the PIN/password since the browser doesn't know this information. The Java code and a demo application are available at the Transec homepage." I have heard tales of malware that can grab a screen capture in the vicinity of the cursor at any mouse-click. Does anyone know if such a threat actually exists?
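The click-coordinate exchange described in the summary, as an added Python sketch that is not part of the original post and not Transec's own code: the server keeps a shuffled keypad layout, decodes each reported click against it, and reshuffles before sending the next image. The grid geometry, the `KeypadSession` class and the `enter_pin` helper are assumptions made for illustration, and the sketch does not address the screen-capture scenario raised at the end of the summary.

```python
import secrets

CELL, COLS, ROWS = 40, 4, 3   # assumed geometry: 4x3 grid of 40px cells


class KeypadSession:
    """Server-side state for one PIN entry. The layout never leaves the server."""

    def __init__(self):
        self._rng = secrets.SystemRandom()
        self._entered = []
        self._shuffle()

    def _shuffle(self):
        # Ten digits plus two blank cells, in a fresh random order per image.
        self._layout = list("0123456789") + [None, None]
        self._rng.shuffle(self._layout)

    def cell_origin(self, digit):
        """Top-left pixel where the server would draw `digit` in the current image."""
        row, col = divmod(self._layout.index(digit), COLS)
        return col * CELL, row * CELL

    def click(self, x, y):
        """Handle one click reported by the browser; True if a digit was accepted."""
        if not (0 <= x < COLS * CELL and 0 <= y < ROWS * CELL):
            return False                      # outside the image: ignore
        digit = self._layout[(y // CELL) * COLS + (x // CELL)]
        if digit is None:
            return False                      # blank cell
        self._entered.append(digit)
        self._shuffle()                       # next response carries a new image
        return True

    def verify(self, expected_pin):
        return secrets.compare_digest("".join(self._entered), expected_pin)


def enter_pin(session, pin):
    """Simulate a user who can see each image; returns the coordinates sent."""
    sent = []
    for digit in pin:
        x, y = session.cell_origin(digit)
        sent.append((x + CELL // 2, y + CELL // 2))
        session.click(*sent[-1])
    return sent
```

The list returned by `enter_pin` is all that crosses the wire from the browser; without the per-click layout held in the session it does not map back to digits.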

2 of 125 comments

  1. Heh... by Anonymous Coward · Score: 4, Funny

    "I have heard tales of malware that can grab a screen capture in the vicinity of the cursor at any mouse-click. Does anyone know if such a threat actually exists?"

    Well, it does now.

  2. Java GPL Domino game? by Anonymous Coward · Score: 1, Funny

    With Java implementations now being under GPLv2 (and could go to v3 when ready), are we about to see some domino effect?

    Let's "GPL the world"!

    Not sure MS will like this game... maybe they should bring a new TLD: .bin :P