| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4CFF70B2.6090507@propergander.org.uk> Date: Wed, 08 Dec 2010 11:49:06 +0000 From: mrx <mrx@...pergander.org.uk> To: Dan Kaminsky <dan@...para.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Firefox Addon: KeyScrambler -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/12/2010 11:36, Dan Kaminsky wrote: > Won't work against a hardware keylogger, as it gets the strokes before the driver does. I guessed that, although on occasions I do miss the obvious. > Won't work against any software aware of it; thread inject into Firefox to get the real keystrokes and it's game over. Or heck, simply pretend to be a firefox process to get the decryption key, assuming it's not fixed. I understand, So it's snake oil. > Would work against some stock, mass distributed keyloggers, I suppose? Protection from script kiddies only? I get the picture. Thanks for your input Dan. Regards Dave > Sent from my iPhone > > On Dec 8, 2010, at 3:12 AM, mrx <mrx@...pergander.org.uk> wrote: > > Hi list, > > Is anyone familiar with the firefox addon KeyScrambler? According to developers this encrypts keystrokes. > > Quote: > "How KeyScrambler Works: > When you type on your keyboard, the keys travel along a path within the operating system before it arrives at your browser. Keyloggers plant > themselves along this path and observe and record your keystrokes. The collected information is then sent to the criminals who will use it to > steal from you. > > KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted > keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the > encrypted keys, which are completely indecipherable." > > Can this be trusted? As in trusted I mean not bypassed. > > Input from the professionals on this list would be much appreciated. > > Thank you > regards > Dave > >> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ - -- Mankind's systems are white sticks tapping walls. Thanks Roy http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTP9wsrIvn8UFHWSmAQJz4Qf/Rfxjc9roWD58xLqaroGhfkkkclNlvjWs D9qgctVnwvgVidhKvOxvBVLU0Nl5LLB/oNSpjEl09hUwBgdnwOIxSsgrzyniYM+V /6qcbK4GLMUPDec7g7zxGOyQ08JyzsLL2193gwVrrX3SJF2KeMp9LLy/Sn9qTU9J bu6DWrb57QaVqU4opmWAIQiCWSjyE7RV/SlCeiyc9MaZVEyw2j6QGtmoJlFkmewj 3B4p6Qx2AgMgzJcvBzRoO9QmzkkVH2CO5Mq4fqDeBNgkmR1DEsSTdVzTELRni0Ub aDNKLXr8cxtO6lrOjk5giLXtqdAGsStSCtRRjnlT3aU+4s0V6nDcaA== =atOR -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists