Comments on: The Abstract Cheetos Attack.

By: wholesaleclothing

wholesaleclothing — Thu, 15 Jan 2009 06:35:12 +0000

The post really nice , i like it ,thanks for sharing,thanks for your post, i will keep read your blog everyday
wholesale clothing
wholesale clothing distributors
wholesale Korean fashion

By: Ann E. Mouse

Ann E. Mouse — Fri, 20 Jun 2008 09:56:12 +0000

I worked at a small company in the East Bay that had a small shroud around the keypad and the numbers showed up in random locations on the keypad for each attempted pin entry. They had good security for the time.

By: jnoller

jnoller — Fri, 20 Jun 2008 01:34:34 +0000

Well, that spoiled my dangerously cheesey fun :)

By: Lucas

Lucas — Fri, 20 Jun 2008 01:05:57 +0000

Probably works best in the PIN setting mentioned by Passive above, since password characters may not be the most frequently used. Take a password like "eleph@nt", for example. "e" is the most commonly used character in English, as in this password. And if the target types many email addresses (which is not too far-fetched), even the @ symbol may be explained away.

All that said, this can be a very useful attack in the right context.

By: jnoller

jnoller — Wed, 18 Jun 2008 20:08:49 +0000

Or my clothes for that matter!

By: Steve

Steve — Wed, 18 Jun 2008 19:59:10 +0000

Remind me never to borrow your laptop …

By: Passive

Passive — Wed, 18 Jun 2008 19:53:24 +0000

Interestingly enough, a similar attack has proved very useful against building security systems that require PIN entry to disable. Usually, the keypads are only used for entering the PINs, so by examining the wear on the keypad, it is often clear which are the PIN keys. In an old office I worked at, the order of the PIN numbers was even clear, as the first key was both the most worn, and the dirtiest, due to force of pressing, and transfer of dirt/oils from the pressers fingers. It seems that the first keys is always jabbed rather fiercely, with the amount of force generally being reduced on each subsequent press.