-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/12/2010 11:36, Dan Kaminsky wrote: > Won't work against a hardware keylogger, as it gets the strokes before the > driver does.
I guessed that, although on occasions I do miss the obvious. > Won't work against any software aware of it; thread inject into Firefox to > get the real keystrokes and it's game over. Or heck, simply pretend to be a > firefox process to get the decryption key, assuming it's not fixed. I understand, So it's snake oil. > Would work against some stock, mass distributed keyloggers, I suppose? Protection from script kiddies only? I get the picture. Thanks for your input Dan. Regards Dave > Sent from my iPhone > > On Dec 8, 2010, at 3:12 AM, mrx <m...@propergander.org.uk> wrote: > > Hi list, > > Is anyone familiar with the firefox addon KeyScrambler? According to > developers this encrypts keystrokes. > > Quote: > "How KeyScrambler Works: > When you type on your keyboard, the keys travel along a path within the > operating system before it arrives at your browser. Keyloggers plant > themselves along this path and observe and record your keystrokes. The > collected information is then sent to the criminals who will use it to > steal from you. > > KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard > driver level, deep within the operating system. When the encrypted > keystrokes reach your browser, KeyScrambler then decrypts them so you see > exactly the keys you've typed. Keyloggers can only record the > encrypted keys, which are completely indecipherable." > > Can this be trusted? As in trusted I mean not bypassed. > > Input from the professionals on this list would be much appreciated. > > Thank you > regards > Dave > >> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ - -- Mankind's systems are white sticks tapping walls. Thanks Roy http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTP9wsrIvn8UFHWSmAQJz4Qf/Rfxjc9roWD58xLqaroGhfkkkclNlvjWs D9qgctVnwvgVidhKvOxvBVLU0Nl5LLB/oNSpjEl09hUwBgdnwOIxSsgrzyniYM+V /6qcbK4GLMUPDec7g7zxGOyQ08JyzsLL2193gwVrrX3SJF2KeMp9LLy/Sn9qTU9J bu6DWrb57QaVqU4opmWAIQiCWSjyE7RV/SlCeiyc9MaZVEyw2j6QGtmoJlFkmewj 3B4p6Qx2AgMgzJcvBzRoO9QmzkkVH2CO5Mq4fqDeBNgkmR1DEsSTdVzTELRni0Ub aDNKLXr8cxtO6lrOjk5giLXtqdAGsStSCtRRjnlT3aU+4s0V6nDcaA== =atOR -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
