Top

Screen Capture Trojans Penetrate Bank Security

August 12, 2008 by Victor · Leave a Comment 

In hopes of fighting Internet fraud, some online banking sites make customers use “virtual keypads” — a method of entering passwords on the screen, generally with a mouse.The system is designed to thwart keystroke-logging programs that capture everything a user types. Now those virtual keypads appear just as vulnerable to snoops.

A Spanish security company, Hispasec Systems, has revealed details of “Trojan horse” programs that can capture video imagery of an unsuspecting person’s computer use. If the user enters a PIN on a bank’s virtual keypad, the dastardly program is a witness.

Like most Trojan horses, the ones detected by Hispasec are slipped onto users’ computers when they visit certain Web sites, often through spam links, said Hispasec researcher Bernardo Quintero. Often, users have no clue if they were hit. When Quintero’s group tested whether more than 30 anti-virus programs would block a recent video-logging Trojan, only six did so.

Gartner Inc. security analyst Avivah Litan said screen-capture programs that attacked virtual keypads emerged as early as 2003, when banks in Brazil fell prey. She said the technique has remained relatively rare because the programs consume a lot of bandwidth and storage, and there have tended to be a lot of easier targets.

But that may be changing. Quintero said Wednesday that a newly detected Trojan combines keystroke-logging and video-capture functions — and instead of recording the entire screen, the program just grabs images of the immediate area near where the user clicks the mouse. The spy receives a smaller file, making the attack easier to pull off.

All this points to an enduring security truth: No single measure — especially one that is apparent to fraud artists — is likely to guarantee safety.

Litan says banks would be wise to focus more resources on behind-the-scenes software that can analyze Web banking sessions to gauge their legitimacy.

“Banks should stop implementing patchwork solutions and get it right the first time,” she said.

source: The Associated Press

Capturing screenshots and data from Garmin GPS devices

August 12, 2008 by Victor · 5 Comments 

The market of navigational products is cluttered with a multitude of manufacturers, solutions, and products. Historically, Garmin came out as one of the most popular manufacturers of portable handheld GPS devices.

While industrial and military consumers tend to use high resolution frame grabbers in order to capture the screen from advanced GPS devices with VGA outputs, this is not an option for those users that have small personal GPS receivers.

There are several ways to capture the screen of a Garmin GPS device for free:

  1. Using xImage software supplied by Garmin. (last update in 2005)
  2. Using G7ToWin software developed by Ron Henderson. (last update in 2008)
  3. Using the DNR Garmin application written by the Minnesota Department of Natural Resources. (last update in 2008)

Due to the fact that there are a lot of different Garmin GPS models, not all software programs will work with all Garmin devices. The G7ToWin application also has limited functionality with Magellan GPS receivers. All of the software packages listed above are available as free downloads.

xImage

Installation of the xImage software is easy. Download the last release from here, launch the file, and follow the on-screen instructions. You can the launch the xImage application from the Garmin submenu in the Windows Start Menu. The GPS must then be connected via USB or serial port for the software to be able to locate it.

Follow these instructions in order to capture a screenshot from your Garmin GPS device. Remember that the GPS must be connected to the capturing computer at the time of the screen capture.

1. Connect your device to your computer.  Verify that you have selected the ‘Garmin’ I/O format on your GPS unit.  See your GPS unit’s owner’s manual for more information.

2. Open xImage and click Next.

3. After a few moments, your device should be listed in the Device Settings window.  If not, click Find Device.  xImage finds the connected device.  If you have multiple devices connected to your PC, select the desired device from the drop down list.

4. Click Next.

5. Select Get images from the GPS, then click Next.

6. Select ‘Screen Shot’ in the Image Type field.

7. Verify that the desired screen is currently displayed on your GPS.

8. Click Next.

9. Select the desired location on your PC, enter a file name for the screen shot, and click Save.  The screen shot is saved as a .bmp file on your PC.  xImage displays a preview of the screen shot.

10. Click Finish to close xImage.

NOTE: You can also click Back to return to a previous screen and perform additional tasks.

G7ToWin

Download G7ToWin from here and install by following the prompts. Once the software is installed and your GPS device is connected, the G7ToWin software will bring you to a main screen that displays all of the waypoints saved in the GPS.

From here, the “Get and Show Display Bitmap” option must be selected from the GPS menu. This takes a screenshot of what is currently being shown on the GPS and saves it to the local hard drive. As well, the Ctrl+D keystroke combination may be pressed to grab the GPS’ screen at any time.

DNR Garmin

DNR Garmin may be downloaded from here. This application was created by the Minnesota Department of Natural Resources for their internal use, but the department also released the software to the public as a free download. This software is designed for power users and has many advanced functions.

Once the software is instalelled and the GPS receiver is synchronized with the DNR Garmin software, taking a screenshot is as easy as going to the GPS menu, and selecting “Garmin Screen Shot”. The program will then prompt you for a location of where to save the screenshot .bmp file.

Conclusion

xImage, G7ToWin, and DNR Garmin are all capable of saving the contents of the Garmin GPS’ screen to a BMP file on the computer the GPS is connected to, whether it be through a USB or serial port. Note that it is not possible to capture a screenshot of the GPS device when it is not connected to a computer on which one of these software packages is installed.

Using this software, there is also no way to automate the capture proccess or have the GPS screen’s output captured as a movie. This would be useful for archiving or creating instructional videos, for example. If real-time and automated screen capture is required, then a device with a VGA or DVI output coupled with one of these frame grabbers would allow the user to have that functionality.

Online applet allows users to share their screens for free

August 11, 2008 by Victor · 1 Comment 

The market is full of applications designed to share, webcast, or broadcast a user’s computer screen over the web. What separates this application apart from the competition is that it’s a web-based applet. Vyew (pronounced “view”) is compatible with all recent browsers (Internet Explorer, Firefox, Safari etc) and platforms (Windows, Mac or Linux). All that the user needs in order to use this application is Java and Flash installed on their PC.

Vyew is a great altenative to programs like PCAnywhere, TightVNC, that require you to install software on the source and target computers. What’s more, the free version of Vyew does not require you to sign in to the website, allowing the user to initiate the entire desktop sharing proccess in a matter of seconds.

Usability

Operation of the Vyew applet is extremely simple. Start by going to Vyew.com. From there, click on “Start Sharing Desktop.”

Save the URL that is given to you and give it to all those that you would like to share your screen with. This is the address that your viewers will use in order to log into your Vyew session. Now click on “start sharing my desktop”.

You will get a warning for allowing the applet access to your computer. Press “Yes”.

Now when any of your viewers enter the URL that was supplied to you before the webcast was started, they will see everything that you are doing on your desktop in real time. The viewers can chat with the broadcaster by clicking on the little tab visible on the left side of their screen.

Quality

Vyew tracks the cursor of the source machine, and this is the reason why all cursor movements are very fast and accurate. The free version of Vyew is only able to perform screen capture at a rate of about 1-2 frames per second, thus everything on the screen of the viewer is visibly slow. The person sharing must always rembember this and avoid doing things so fast that the Vyew refresh rate cannot keep up.

The resolution, picture quality, and sharpness in Vyew is very good. Even fine print is perfectly readable and all images are still fairly sharp.

Here you can see a resolution chart that was broadcast to a remote user through Vyew. It is still sharp and retains most of its’ quality. This is great for not just general remote desktop sharing, but also showing presentations, spreadsheets, and Word documents.

Conclusion

Overall, Vyew is a pretty impressive web-based application. There are no intrusive advertisements on the Vyew website, which is another pleasant surprise for a free service like this. There is only a small banner ad in the top right corner. All of the free screen sharing sessions go through the Vyew servers over an unencrypted connection and do not offer the user any options to protect their content. Simulat, the company that makes this applet, hopes that some users will subscribe to their pay service, which offers features like encryption, voice and webcam broadcasting, advanced teleconferencing, and archiving.

While it is unfortunate that more advanced features like audio sharing were not included in the free version and that the refresh rate is so slow that only static pictures and text can be broadcast, the functionality and ease of use of Vyew is still pretty impressive for a completely free service. This applet is perfect for those that need to share their desktop only once in a while and without any hassles.

New free software allows users to turn screenshots into mobile phone wallpaper

August 11, 2008 by Victor · Leave a Comment 

How often have you seen a photo or picture online that would look great as your cell phone background/wallpaper? Wouldn’t it be nice if you could just press one button and any picture on your PC would be formatted to the size of your cell phone’s screen?

Traditionally, one would find out the size of their mobile phone screen and then resize or crop the picture using image processing software. This can be a difficult task if you don’t know the size of your mobile phone screen in pixels.

This is where Weys comes in. Weys stands for “WhatEver You See” and is a completely free software program that allows the user to take a screen capture of their desktop PC and save it as an image the size of their mobile phone screen. The user can then upload the saved image to their mobile phone from their computer. Think of it as doing a PrintScreen to cell phone.

Screenshot of Weys in action

When the software is launched, a prompt comes up asking for the model of the mobile phone or the phone’s screen size in pixels. From there, you are able to select an area of the screen the size of your mobile phone’s screen and save it as a picture file (JPEG).

Weys can be downloaded here. This software is available for Windows only.

PrintScreen from Windows XP or Vista on a MAC

August 11, 2008 by Victor · 2 Comments 

The new generation of Intel-powered Apple computers fully supports Windows XP and Vista through BootCamp. But, due to the fact that the MAC keyboard has less keys than that of its PC counterpart, the indispensable “Print Screen” function, which lets one take a screenshot of the screen, is no longer apparent to the average user.

In order to launch the “PrintScreen” function from a Mac running Windows XP or Windows Vista through BootCamp, including MacBook, MacBook Pro, MacBook Air, Mac Mini, or Mac Pro, you must first verify if the F1-F12 keys on your machine are controlling software or hardware features of the computer. To do this, you must first access the Keyboard tab of the “Boot Camp” icon in the Windows Control Panel and check if the “Use F1-F12 keys to control software” option is selected.

If the option is selected, then the following shortcuts must be used to perform the PrintScreen command in Windows:

Shift + F11 to capture the entire screen


Alt + Shift + F11 to take screenshot of the active window only

If the “Use F1-F12 keys to control software” option is unselected and the F1-F12 keys are used to control hardware features, then the following combination of keys is to be used to perform a printscreen:

Shift + fn + F11 to capture the entire screen


Alt + Shift + fn + F11 to capture a screenshot of the active window only

You have now emulated the PrintScreen key of a PC keyboard on your Mac!

Epiphan Systems VGA2USB LR

August 1, 2008 by Victor · 2 Comments 

A Thorough Look at the VGA2USB LR from Epiphan Systems

The Basics

I needed a quality VGA capture solution but didn’t want to spend a fortune on it. At just under $800, the VGA2USB LR from Epiphan Systems seemed to be exactly what I wanted. In this review, I will look at the good and bad of this tiny frame grabber and explain its features.

The Box

The packaging for the VGA2USB LR is pretty standard. Like other computer components, it comes in a simple flip-top cardboard box with specifications and a list of components that should be inside the box. Upon opening the box, the VGA2USB LR is nicely packed in the center with a transparent molded plastic cover over it. It is pretty simple, yet gives off a very good impression. The one thing that catches your eye right away is the “No CD Included” writing. It is actually quite surprising that a product of this price has no installation or driver disks included. This is probably due to the fact that Epiphan issues regular driver and software updates on its website. The box also contains a small instruction booklet to help you get running, USB and VGA cables, and, to my delight, a universal power supply with several plugs that can be used in both Europe and North America. Even though this might not be a big advantage, I found this to be a pleasant surprise.

The VGA2USB LR comes in pretty standard packaging

As soon as you open the box, the device reveals itself. All the cables are buried beneath the cover.

The LR comes with an impressive set of accessories. This includes a manual, USB cable, VGA cable, passive VGA Y-splitter, male-to-male VGA adapter, and a universal power adapter with plugs for North America, Europe, Australia, and UK.




The Device

Epiphan Systems makes the only external, portable frame grabbers in the world, so there is not much that they can be compared with.

Overall, the design of the VGA2USB is very sleek and pleasing to look at. It is of a nice orange color and it is made entirely of brushed aluminum, which makes the device feel very solid in your hands. The whole thing is about the size of a credit card in terms of length and width, and about an inch (~2.5cm) in height.

The cables included are what one would expect, including the standard USB mini-B cable and the male-to-male VGA cable. The little plugs included with the universal power adapter seem flimsy at first but clip into the adapter housing very snugly and should not break.

The VGA2USB LR is of a gold/orange color.

It is a fairly small device and is of rectangular shape when viewed from top.

In fact, the VGA2USB LR is about the size of a credit card (width x height).

The serial number, FCC and CE certifications are printed out on the back of the device. The VGA2USB LR is made in Canada.


Installing

Installation of the VGA2USB LR on a Windows XP machine is pretty straight forward. Plugging the device in and letting Windows find the drivers through Windows Update did not yield any results. The drivers must be downloaded from the “Download” section on the Epiphan Systems website.

During the installation of the drivers, Windows XP gives a warning of the drivers not passing the “Windows Logo Test.” This happens often with devices of small manufacturers and is not a big deal. Just press “Continue” to finish the installation.

The Epiphan VGA2USB software gets automatically installed with the drivers. Unfortunately, Epiphan did not give the user the choice of installing the drivers and software separately. What’s more, the drivers can only be downloaded with the new version of the software and vice-versa. This is surprising as the VGA2USB LR does not need specific VGA2USB software in order to be able to function via other WDM-capable software such as Windows Media Encoder.

VGA2USB LR appears as a high-resolution video camera under My Computer

The Software

The software included with the VGA2USB LR seems pretty simple at first but actually has a lot of settings and various “tweaking” capabilities to provide the user with the best possible picture. In most of the capture environments that I was testing in, I found that, most of the time, the software does a good job at capturing the picture.

The software displays the capturing resolution, update rate, and monitor refresh rate in the lower right corner of the window.

In order to start the capturing process, one must simply plug the USB, power, and VGA cables into the VGA2USB LR. The VGA and USB cables need to be plugged into the source and target computers. The power cable is also required. Once everything is plugged in and the software is started, the VGA2USB software automatically “tunes” the resolution and frame rate to the output of the VGA source.

When the VGA, USB, and power cables are connected to the VGA2USB LR, the LR automatically tunes to the source signal.


The USB and VGA cables must be plugged into the target and source machines, respectively.

Configuration

The VGA2USB LR can be configured in several locations. A “VGA2USB” icon now appears in the Windows XP Control Panel. Selecting it will display a list of all VGA2USB devices connected to the computer along with the devices’ respective serial numbers. Once a VGA2USB device is selected, you will see that the “Use default configuration parameters” radio box is selected. You may configure advanced settings of each frame grabber by selecting the “Maintain device-specific configuration” radio box and then clicking on the “Configure Device…” button. Here, expert users can adjust sampling phase, PLL adjustment, horizontal shift, vertical shift, offset, and gain of the captured picture. As the VGA2USB LR comes with DirectShow (also known as Video for Windows) drivers, the device appears as a high resolution camera and can be used with virtually any capture software. If you are using DirectShow software instead of the included program, several settings may be adjusted under the “DirectShow” tab.

Several configuration settings also exist within the VGA2USB software itself. Selecting “Options..” from the Tools menu lets the user set the codec or image compression to be used during the recording. The user has the ability to limit the captured frame rate, which is useful when the file size of the captured output needs to be reduced. This screen also lets the user choose the display format randing from black and white to 24 bit RGB. There are also other options like flipping the image vertically or inverting the colors for printing (see screenshot).

The VGA2USB software also has a built-in broadcast/webcast option, and the quality settings of the compression can be configured under the “Sharing” tab. In that tab, you will notice that there are two sliders – “Lossless” and “Lossy.” These two options are not explained anywhere and can be confusing for those that do not have experience with video compression. Increasing the “Lossless” slider will yield higher sharpness in distinct parts of a frame, such as small text or complex diagrams. Increasing the “Lossy” slider will yield to higher sharpness in less distinct parts of the image, such as in blank areas or pictures with low details. The sharing/webcasting feature of the VGA2USB LR will be discussed later in this review.

The Epiphan VGA2USB icon now appears under the Windows XP Control Panel

Clicking on the VGA2USB icon will reveal a list of connected devices and allow you to configure the device settings.

An array of adjustments is found under the “Configure Device” option.

More options, such as those for broadcasting, are found within the VGA2USB software itself.



Recording
Recording through Epiphan’s VGA2USB software is very simple. As soon as the VGA2USB LR is powered on and connected to the VGA source and the USB on the target computer, just fire up the software and press on the round “Record” button near the top of the window. The software will ask you where you would like to save the video to and will start recording once you give it the location. Wasn’t that easy?

Below is a short video clip captured by the VGA2USB LR at a resolution of 1280 x 1024. The XVid codec was used to compress the video at medium quality. Note that the resolution chart at the beginning and end of video is of ideal quality. There are no visible artifacts in the fast-motion YouTube video, and the captured image looks like a 1:1 copy of the VGA output.

Download Video (.avi; Xvid codec; 58sec; 7.31MB)

Screenshots can also be made by going selecting File>Save As.. Similarly, a screenshot can be instantly printed by selecting File>Print.

The image above was captured from a laptop running Windows Vista.



Broadcasting

As stated earlier in this review, the VGA2USB LR can be used to broadcast a VGA signal. One way to do this is to use a webcasting program like Windows Media Encoder or QuickTime Broadcaster. This option is best for power users as this allows for lots of customization and quick integration into websites and applets. Using a third party webcast software is also the only way to simultaneously broadcast VGA and audio over one stream.

For those users, however, who just need to share the VGA signal captured by the live VGA2USB LR over the web and do not want to deal with any confusing settings or configurations, Epiphan Systems included a simple one-click “Web Broadcasting” option which can be accessed from the Tools menu.

This has got to be the simplest broadcasting feature that I’ve ever used. As soon as the “Web Broadcasting” option is selected, the program provides the user with an address that should be given to those who the webcast is being shared with. The viewers then go to the address provided to view the broadcast.

No configuration is involved, which is what makes the broadcast feature so nice. On the other hand, the broadcast feature is labeled as a “Demo,” even though no software limitations seem to be present. Unfortunately, there is no way to schedule your broadcast or encrypt the data. In order to get these features you would either have to purchase the VGA2WEB or use a third party broadcasting solution (a few tutorials can be found one Epiphan’s web site).

The quality of the broadcast is pretty good. The picture is sharp and the refresh rate is fairly high, depending on the amount of movement in the original VGA source image. Of course, as stated earlier in this review, the user does have a limited amount of control over the trade-off between speed and quality, but that is as far as configuration goes in the VGA2USB software from Epiphan Systems.

This is what the http://vga2usb.epiphan.com interface looks like for the viewer. Clicking the magnifying glass icon in the top left allows the viewer to zoom in on the picture.

Internals

For those power users who want to know exactly what they are working with, I ventured to disassemble the VGA2USB LR to have a look at the components that make this device work.

At the core of the VGA2USB is a XILINX Spartan-3 XC3S400 programmable FPGA. This FPGA is part of the new and most recent Spartan-3 family of “Field Programmable Gate Arrays” and is programmed by the manufacturer. It has 400 000 system gates and 8 064 logic cells.

The on-board ADC (analog to digital converter) is manufactured by NXP, a former division of Philips Electronics. It is the TDA8754HL model, which is a very capable triple 8-bit ADC and runs up to 270 Msample/s. It is optimized for RGB/YUV signals (also known as VGA) and supports resolutions of up to 2048 x 1536 at 85 Hz, even though the VGA2USB LR handles resolutions of up to 1280 x 1024. Detailed specs are listed below:

  • 3.3 V power supply
  • Temperature range from -10Cel to +70Cel
  • Triple 8-bit ADC:
    • 0.25 LSB Differential Non-Linearity (DNL)
    • 0.6 LSB Integral Non-Linearity (INL)
  • Analog sampling rate from 12 Msample/s up to 270 Msample/s
  • Maximum data rate:
    • Single port mode: 140 MHz
    • Dual port mode: 270 MHz
    • 3.3 V LV-TTL outputs
  • PLL control via I2C-bus:
    • 390 ps PLL jitter peak to peak at 270 MHz
    • Low PLL drift with temperature (2 phase steps maximum)
    • PLL generates the ADC sampling clock which can be locked on the line frequency from 15 kHz to 150 kHz
    • Integrated PLL divider
    • Programmable phase clock adjustment cells
  • Three clamp circuits for programming a clamp code from -24 to +136 by steps of 1 LSB (mid-scale clamping for YUV signal)
  • Internal generation of clamp signal
  • Three independent blanking functions
  • Input:
    • 700 MHz analog bandwidth
    • Two independent analog inputs selectable via I2C-bus
    • Analog input from 0.5 V to 1 V (p-p) to produce a full-scale ADC input of 1 V (p-p)
    • Three controllable amplifiers: gain control via I2C-bus to produce full-scale peak-to-peak output with a half LSB resolution
  • Synchronization:
    • Frame and field detection for interlaced video signal
    • Parasite synchronization pulse detection and suppression
    • Sync processing for composite sync, 3-level sync and sync-on-green signals
    • Polarity and activity detection
  • IC control via I2C-bus serial interface
  • LQFP144 and LBGA208 package:
    • LBGA208 package pin-to-pin compatible with TDA8756

The USB communications are handled by a Cypress Semiconductor CY7C68013 chip. The on-board buffer memory is comprised of a single 16MB RAM chip (Z9DNC) from Micron.

The circuit board is easy to remove as it sits on rails within the VGA2USB LR housing and is held on by two long screws.

The VGA2USB LR board is pretty standard. It looks like there is a location for another RAM chip but it is not used. The quality of the soldering is what one would expect for such a product.


The large aluminum foil-like pad is a thermal pad which is used to cool the NXP ADC. It functions similarly to a heatsink, but is not as effective. The circuit board also contains the year of manufacture, revision, and serial number. Surprisingly, the revision of my LR board had “VGA2USB Pro” written on it, which makes me believe that the same PCB is used in the PRO version of the VGA2USB. This would also explain the empty location for RAM memory.

Why frame grabbers?

A question that may arise is why use frame grabbers at all when there is plenty of great screen capture software on the market? There are several good reasons why an external frame grabber like the VGA2USB actually works best in most situations.

Firstly, I need to take screenshots and videos of obscure screens such as a computer BIOS screen and boot screens. Images from these screens cannot simply be grabbed using a pure software solution, as no software can be running at this point.

Secondly, in order to capture images off of embedded devices that have a VGA output but do not run any operating system, such as GPS, radar, ultrasound, electronic microscopes, video game consoles and high resolution cameras, a frame grabber is required in order to record the VGA or DVI signal from the output.

Finally, a frame grabber is the most secure screen capture solution available. It requires no modification to the source device as it simply taps into the VGA stream (often using a VGA splitter). This means that no security issues are raised, as no additional software has to be installed on the source. What’s more, the captured recording is a 1:1 copy of the signal.

Why VGA2USB LR?


Some may be wondering why I chose to purchase the $800 VGA2USB LR over the cheaper $300 base VGA2USB model, or even over the VGA2USB HR. The reason is that I found the VGA2USB LR to be the better “deal” out of all of the frame grabber models that Epiphan offers. The $300 VGA2USB model has an interlaced image grab (results in artifacts and poor quality) while the VGA2USB LR has all the features of its more advanced siblings (VGA2USB HR and VGA2USB PRO) such as integrated buffer memory, proprietary precompression, and a lossless progressive image grab. At the same time, the VGA2USB LR is half the price of the better HR model. The only limitation that the LR model has is that the maximum capture resolution is 1280 x 1024, which happens to be enough for all of my VGA capturing and recording needs.

Quality of VGA2USB LR

The capture quality of the VGA2USB LR is as expected from an $800 device. The images are lossless and of very high quality. Video is captured at rates of around 30 frames per second and is also of extremely good quality. Overall, this product does exactly what the manufacturer describes – captures lossless images and videos at resolutions of up to 1280 x 1024.

The only problems that I’ve had when testing the LR’s video capture is with lots of movement in the picture. As soon as there is lots of changes in the picture from frame to frame, the capture rate can fall as to as low as 10 updates per second. While the frame sharpness and quality is still at a very acceptable level, this makes the video appear choppy and “slow”. Thus, the VGA2USB LR would not be a good choice if you are planning to capture, for example, an HD movie with lots of action scenes.

See below for example captures:



A BIOS screen is simple to capture with the VGA2USB LR frame grabber.

VGA2USB LR at 1280 x 1024 resolution. Capture of resolution chart.

Original resolution chart. Note how quality of the original is almost identical to the chart captured by the VGA2USB LR.

« Previous Page

Bottom