How to protect your Online Customers' passwords?
on 27.05.2006 18:26:54 by G2iDStaff
Try online demo at www.g2id.com to find out how....
http://www.g2id.com/G2ID_affordable_strong_authentication_SecurInput.htm
If I understand your technology, it tries to defeat spyware by adding
some noise to the captured data.
How can this resist some repeated observation and the fact that
human movements follow a rhythm?
What about an attacker observing both the screen and the keyboard
input? Wouldn't this allow him/her/it to select the real keystrokes?
Kind regards
Ludovic Joly
Excellent Question!!!
There are two reasons a hacker is unlikely to succeed:
1) G2iD has programmed the cursor movement to randomly move at
different speeds and strike the keys at different spots on the Virtual
Keyboard (VKB), as close to imitating the user as possible. The hacker
can never tell if the first or last click is real or fake.
2) It is highly unlikely that the hacker will accurately capture a
strong password in its entirety, thus will likely end up locking the
user's account assuming that the institution uses a 3 times and you're
out rule.
G2iD's technology uses a virtual keyboard on the screen, thus there are
no keyboard strokes to record. There is spyware, however, that can
record mouse clicks and cursor coordinates. Since we employ java
technology, the "noise" that throws the hacker off is actually java
applet generated mouse clicks (generated by our patent pending
generator). These are seen at the system level as real mouse clicks,
thus anyone monitoring mouse click and cursor coordinates will not be
able to determine the user generated ones from the applet generated
ones. Our applet sends only the user generated clicks for the actual
login.
SecurInput fills the "gap" between a newly released key logger and/or
screen capturing trojan and the release of a new definition by the
Anti-Virus and Spyware vendors (Typically the turnaround time for a new
virus / spyware definition is between 24 to 48 hrs on average if not
longer), thus providing real time password protection even if the
trojan is already installed on the victim's PC.
G2iDStaff
> G2iD's technology uses a virtual keyboard on the screen, thus there are
> no keyboard strokes to record. There is spyware, however, that can
> record mouse clicks and cursor coordinates. Since we employ java
> technology, the "noise" that throws the hacker off is actually java
> applet generated mouse clicks (generated by our patent pending
> generator). These are seen at the system level as real mouse clicks,
> thus anyone monitoring mouse click and cursor coordinates will not be
> able to determine the user generated ones from the applet generated
> ones. Our applet sends only the user generated clicks for the actual
> login.
Sorry, this sounds like a bunch of bullshit.
I fear, it would be better for you to deal with security basics than
to implement security by obscurity systems and to sell snake oil.
> SecurInput fills the "gap" between a newly released key logger and/or
> screen capturing trojan and the release of a new definition by the
> Anti-Virus and Spyware vendors (Typically the turnaround time for a new
> virus / spyware definition is between 24 to 48 hrs on average if not
> longer), thus providing real time password protection even if the
> trojan is already installed on the victim's PC.
Ridiculous.
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
G2iDStaff wrote:
> 1) G2iD has programmed the cursor movement to randomly move at
> different speeds and strike the keys at different spots on the
> Virtual Keyboard (VKB), as close to imitating the user as possible.
> The hacker can never tell if the first or last click is real or fake.
>
>
He can tell your mouse clicks from the user's ones by looking where
they're generated?
> 2) It is highly unlikely that the hacker will accurately capture a
> strong password in its entirety,
Wrong assumption.
> Since we employ java technology, the "noise" that throws the hacker
> off is actually java applet generated mouse clicks (generated by our
> patent pending generator).
So you're such big losers that you need to exploit the lousy patent
laws in USA to patent your childish idea of no creative value?
hint: "patent pending" is a _bad_ qualification, nothing to be proud of
> These are seen at the system level as real mouse clicks,
Wrong again. There's a huge difference between a MouseEvent inside of a
JVM usermode process and a NCHITTEST() received by a kernel-mode driver.
On Unix the difference is even more obvious, as it can be seen within
the JVM process itself (hail X11!).
> thus anyone monitoring mouse click and cursor coordinates will not be
> able to determine the user generated ones from the applet generated
> ones.
He will.
> Our applet sends only the user generated clicks for the actual login.
>
So that's what he can capture as well.
> thus providing real time password protection even if the trojan is
> already installed on the victim's PC.
Do you even believe the bullshit you write?
"G2iDStaff"
>Excellent Question!!!
>There are two reasons a hacker is unlikely to succeed:
>1) G2iD has programmed the cursor movement to randomly move at
>different speeds and strike the keys at different spots on the Virtual
>Keyboard (VKB), as close to imitating the user as possible. The hacker
>can never tell if the first or last click is real or fake.
>2) It is highly unlikely that the hacker will accurately capture a
>strong password in its entirety, thus will likely end up locking the
>user's account assuming that the institution uses a 3 times and you're
>out rule.
>G2iD's technology uses a virtual keyboard on the screen, thus there are
>no keyboard strokes to record. There is spyware, however, that can
>record mouse clicks and cursor coordinates. Since we employ java
>technology, the "noise" that throws the hacker off is actually java
>applet generated mouse clicks (generated by our patent pending
>generator). These are seen at the system level as real mouse clicks,
Right there you lost all credibility. Patent pending? Sheesh.
>thus anyone monitoring mouse click and cursor coordinates will not be
>able to determine the user generated ones from the applet generated
>ones. Our applet sends only the user generated clicks for the actual
>login.
>SecurInput fills the "gap" between a newly released key logger and/or
>screen capturing trojan and the release of a new definition by the
>Anti-Virus and Spyware vendors (Typically the turnaround time for a new
>virus / spyware definition is between 24 to 48 hrs on average if not
>longer), thus providing real time password protection even if the
>trojan is already installed on the victim's PC.
After a week and a half of intense testing, your technical assessment
of our product has been proven inaccurate by testing.
Post removed (X-No-Archive: yes)
Leythos
> In article <1149511779.926907.161830@c74g2000cwc.googlegroups.com>,
> g2idstaff@g2id.com says...
> > After a week and a half of intense testing, your technical assessment
> > of our product has been proven inaccurate by testing.
>
> No one knows what product, as you've failed to indicate the product in
> this message.
>
> This is Usenet, not email.
You mean that "Usenet" thingie of yours is *worse* than Google Groups'
newsreader!? Heaven forbid! :-)
But you're right, no one knows what product, for the simple reason
that there *is no* "product".
Thanks Leythos and Frank,
I forgot to include a link to the product mentioned in the previous
posting:
http://www.g2id.com/G2ID_affordable_strong_authentication_SecurInput.htm
I just wanted to make clear that this is a fully functional product
available to anyone who desires to give it a try (30 Day Eval). It is
a backend solution (Website) consisting of a .jar and a .class file.