Full Disclosure mailing list archives
Re: Firefox Addon: KeyScrambler
From: mrx <mrx () propergander org uk>
Date: Wed, 08 Dec 2010 11:49:06 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/12/2010 11:36, Dan Kaminsky wrote:
Won't work against a hardware keylogger, as it gets the strokes before the driver does.
I guessed that, although on occasions I do miss the obvious.
Won't work against any software aware of it; thread inject into Firefox to get the real keystrokes and it's game over. Or heck, simply pretend to be a firefox process to get the decryption key, assuming it's not fixed.
I understand, So it's snake oil.
Would work against some stock, mass distributed keyloggers, I suppose?
Protection from script kiddies only? I get the picture. Thanks for your input Dan. Regards Dave
Sent from my iPhone On Dec 8, 2010, at 3:12 AM, mrx <mrx () propergander org uk> wrote: Hi list, Is anyone familiar with the firefox addon KeyScrambler? According to developers this encrypts keystrokes. Quote: "How KeyScrambler Works: When you type on your keyboard, the keys travel along a path within the operating system before it arrives at your browser. Keyloggers plant themselves along this path and observe and record your keystrokes. The collected information is then sent to the criminals who will use it to steal from you. KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable." Can this be trusted? As in trusted I mean not bypassed. Input from the professionals on this list would be much appreciated. Thank you regards Dave
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ - -- Mankind's systems are white sticks tapping walls. Thanks Roy http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTP9wsrIvn8UFHWSmAQJz4Qf/Rfxjc9roWD58xLqaroGhfkkkclNlvjWs D9qgctVnwvgVidhKvOxvBVLU0Nl5LLB/oNSpjEl09hUwBgdnwOIxSsgrzyniYM+V /6qcbK4GLMUPDec7g7zxGOyQ08JyzsLL2193gwVrrX3SJF2KeMp9LLy/Sn9qTU9J bu6DWrb57QaVqU4opmWAIQiCWSjyE7RV/SlCeiyc9MaZVEyw2j6QGtmoJlFkmewj 3B4p6Qx2AgMgzJcvBzRoO9QmzkkVH2CO5Mq4fqDeBNgkmR1DEsSTdVzTELRni0Ub aDNKLXr8cxtO6lrOjk5giLXtqdAGsStSCtRRjnlT3aU+4s0V6nDcaA== =atOR -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Firefox Addon: KeyScrambler mrx (Dec 08)
- Re: Firefox Addon: KeyScrambler Dan Kaminsky (Dec 08)
- Re: Firefox Addon: KeyScrambler mrx (Dec 08)
- Re: Firefox Addon: KeyScrambler Tim Gurney (Dec 08)
- Re: Firefox Addon: KeyScrambler mrx (Dec 09)
- Re: Firefox Addon: KeyScrambler Christian Sciberras (Dec 09)
- Re: Firefox Addon: KeyScrambler mrx (Dec 09)
- Re: Firefox Addon: KeyScrambler Christian Sciberras (Dec 09)
- Re: Firefox Addon: KeyScrambler Gary Baribault (Dec 09)
- Re: Firefox Addon: KeyScrambler mrx (Dec 09)
- Re: Firefox Addon: KeyScrambler Dan Kaminsky (Dec 08)
- Re: Firefox Addon: KeyScrambler mrx (Dec 09)
- <Possible follow-ups>
- Re: Firefox Addon: KeyScrambler Elazar Broad (Dec 09)
- Re: Firefox Addon: KeyScrambler mrx (Dec 09)