Full Disclosure mailing list archives

Re: Firefox Addon: KeyScrambler

From: Tim Gurney <tim.gurney () timgurney net>
Date: Wed, 08 Dec 2010 11:30:29 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

This seems to contradict itself somewhat. A plugin to firefox should
have no way to encrypt things at a driver level within the kernel, that
would require installing seperate software at the root level, a plugin
should not be able to do this and i would be VERY worried and surprised
if it could as it would mean bypassing the security of the OS.

Also if the driver is encrypting the key strokes and the plugin is
decrypting, what about all the keystrokes that are not in firefox, like
email, word processing, programming, there is nothing to decrypt these
so you would end up only ever being able to use firefox on the machine
and nothing else every again.

personally I would not touch this with a barge pole and I would do a lot
more more digging and checking into this.

regards

Tim

On 08/12/10 11:12, mrx wrote:

Hi list,

Is anyone familiar with the firefox addon KeyScrambler? According to developers this encrypts keystrokes.

Quote:
"How KeyScrambler Works:
When you type on your keyboard, the keys travel along a path within the operating system before it arrives at your 
browser. Keyloggers plant
themselves along this path and observe and record your keystrokes. The collected information is then sent to the 
criminals who will use it to
steal from you.

KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating 
system. When the encrypted
keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers 
can only record the
encrypted keys, which are completely indecipherable."

Can this be trusted? As in trusted I mean not bypassed.

Input from the professionals on this list would be much appreciated.

Thank you
regards
Dave


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJM/2xVAAoJECz9jAxhaYr74HIH/0lBMfYk9oR1fTC5YQ51LSKq
sAWUw+GH8jdbMN/Cx7eT9Ksp1qmebSRNKUHPLW+2HB3KD/mXm8t1qzbGV7FvXjuk
h8ilY8N215VzfV4/MOcZ33+fsPFN7P4MPvA54tUAdNemIgNMPyEjeSmFFdPF0BHq
ag0aXAxsMKZ7/aZQVYVmGBjWLqt1Y02/lEWgWqYzCy7X4ZRJpjvOS+ictKvhjbS1
6cpLNQqz9ShxLbH77m2kjQ9QAWXldIrefQokOgsGCOHwzxLHTwIsSBYBTpqvNDdF
jZoNEYsSW/ZFxOim1tUpfb0iXlEFfL7XodvUiYh9LOtv2Uub9lCOu60Vmgg2gr8=
=SitF
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Firefox Addon: KeyScrambler mrx (Dec 08)
- Re: Firefox Addon: KeyScrambler Dan Kaminsky (Dec 08)
  - Re: Firefox Addon: KeyScrambler mrx (Dec 08)
- Re: Firefox Addon: KeyScrambler Tim Gurney (Dec 08)
  - Re: Firefox Addon: KeyScrambler mrx (Dec 09)
    - Re: Firefox Addon: KeyScrambler Christian Sciberras (Dec 09)
    - Re: Firefox Addon: KeyScrambler mrx (Dec 09)
    - Re: Firefox Addon: KeyScrambler Christian Sciberras (Dec 09)
    - Re: Firefox Addon: KeyScrambler Gary Baribault (Dec 09)
- Re: Firefox Addon: KeyScrambler Julien Reveret (Dec 08)
  - Re: Firefox Addon: KeyScrambler mrx (Dec 09)
- <Possible follow-ups>
- Re: Firefox Addon: KeyScrambler Elazar Broad (Dec 09)
  - Re: Firefox Addon: KeyScrambler mrx (Dec 09)