Date: Wed, 08 Dec 2010 11:30:29 +0000
From: Tim Gurney <tim.gurney@...gurney.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox Addon: KeyScrambler

Hi

This seems to contradict itself somewhat. A plugin to Firefox should
have no way to encrypt things at a driver level within the kernel; that
would require installing separate software at the root level. A plugin
should not be able to do this, and I would be VERY worried and surprised
if it could, as it would mean bypassing the security of the OS.

Also, if the driver is encrypting the keystrokes and the plugin is
decrypting, what about all the keystrokes that are not in Firefox, like
email, word processing, programming? There is nothing to decrypt these,
so you would end up only ever being able to use Firefox on the machine
and nothing else ever again.

Personally, I would not touch this with a barge pole, and I would do a lot
more digging and checking into this.

regards

Tim

On 08/12/10 11:12, mrx wrote:
> Hi list,
> 
> Is anyone familiar with the Firefox addon KeyScrambler? According to developers this encrypts keystrokes.
> 
> Quote:
> "How KeyScrambler Works:
> When you type on your keyboard, the keys travel along a path within the operating system before it arrives at your browser. Keyloggers plant
> themselves along this path and observe and record your keystrokes. The collected information is then sent to the criminals who will use it to
> steal from you.
> 
> KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted
> keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the
> encrypted keys, which are completely indecipherable."
> 
> Can this be trusted? As in trusted I mean not bypassed.
> 
> Input from the professionals on this list would be much appreciated.
> 
> Thank you
> regards
> Dave
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/