C. H. R. O. O. T. SECURITY GROUP
http://www.chroot.org

Hacks In Taiwan Conference 2008
http://www.hitcon.org

Subject======:: Malicious Web Browser Attack
Author ======:: unohope [at] chroot [dot] org
IRC =========:: irc.chroot.org #chroot
Greets ======:: TimHsu, Newbug, Roamer & all chroot members
Content =====::

Malicious Web Browser Attack is a new client-side attack strategy and
trend. It is the easiest way for attackers to bypass many kinds of
authentication, such as Captcha, Sign-In Seal, One Time Password,
Certification, IC Card, etc., and it is not restricted by firewall, IDS,
IPS, anti-virus, anti-phishing, ... Maybe you are an accessory without
knowing anything about it!

When you are in an insecure environment, attackers can modify much of the
information in the web browser. The means could be any kind of browser
plug-in, rootkit, spyware, masqueraded malicious software, blah-blah. You
then become a dummy for the attackers, helping them bypass many
authentications or carrying out instructions the attackers want.

We present live demos at HITCON 2008: how to capture credit card numbers
from online shopping, and how to bypass the IC card in Web ATM banking.

Just for educational purposes. DO NOT use for illegal purposes.