KeyScrambler won"t run in IE

Hi,

I installed KeyScrambler 1.3.1 via FireFox extensions, and checked the
box to add the Internet Explorer (IE) plugin too. It works in Firefox,
but there's not indication it's running in IE.

I then went to the home page for KeyScrambler, and installed 1.3.2 for
both Firefox and IE. Again, it works in Firefox, but not in IE. The
KeyScrambler page shows the window I'm supposed to be seeing in IE.
The FAQ says nothing about any problems with the product actually
working in IE. (The page I went to to test it was Yahoo Mail - the
personal free version of KeyScrambler only becomes active on login
type pages.)

Thanks for any help getting KeyScrambler working in IE.

Re: KeyScrambler won"t run in IE

gv wrote:

> I installed KeyScrambler 1.3.1 via FireFox extensions, and checked the
> box to add the Internet Explorer (IE) plugin too. It works in Firefox,
> but there's not indication it's running in IE.


This is comp.security.misc. At the name implies, we're discussing computer
security. Neither this KeyScrambler snakeoil nor the
often-abused-as-webbrowser IE have anything to do with security.

Re: KeyScrambler won"t run in IE

"Sebastian G." wrote in
news:5or64vFneb4rU1@mid.dfncis.de:

> gv wrote:
>
>> I installed KeyScrambler 1.3.1 via FireFox extensions, and checked
>> the box to add the Internet Explorer (IE) plugin too. It works in
>> Firefox, but there's not indication it's running in IE.
>
> This is comp.security.misc.

"This" is a crossposted message. :-(

> At the name implies, we're discussing
> computer security. Neither this KeyScrambler snakeoil nor the
> often-abused-as-webbrowser IE have anything to do with security.

Indeed. From the website:

[quote]
KeyScrambler Personal encrypts your keystrokes at the kernel driver level
to protect your login information from keyloggers.

When you type on your keyboard, the keys travel along a path within the
operating system before it arrives at your browser. Keyloggers plant
themselves along this path and observe and record your keystrokes. The
collected information is then sent to the criminals who will use it to
steal from you.
[/quote]

Any computer that has a keylogger on it is hosed. The user would need to
wipe the disk and reinstall their OS.

Re: KeyScrambler won"t run in IE

bealoid wrote:


> Any computer that has a keylogger on it is hosed. The user would need to
> wipe the disk and reinstall their OS.


Woah, not so fast. Wiping the user account and all programs he had access to
should be sufficient.

Re: KeyScrambler won"t run in IE

"Sebastian G." (07-10-31 12:54:08):

> > Any computer that has a keylogger on it is hosed. The user would
> > need to wipe the disk and reinstall their OS.
>
> Woah, not so fast. Wiping the user account and all programs he had
> access to should be sufficient.

Unless the user has administrative privileges, which is the usual case.


Regards,
Ertugrul Söylemez.


--=20
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.

Re: KeyScrambler won"t run in IE

"Sebastian G." wrote in
news:5or8n0FnqmajU1@mid.dfncis.de:

> bealoid wrote:
>
>
>> Any computer that has a keylogger on it is hosed. The user would
>> need to wipe the disk and reinstall their OS.
>
>
> Woah, not so fast. Wiping the user account and all programs he had
> access to should be sufficient.

Okay, but I was assuming it was a typical windows user who ran everything
from an account with admin rights.

Re: KeyScrambler won"t run in IE

Ertugrul Soeylemez wrote:

> "Sebastian G." (07-10-31 12:54:08):
>
>>> Any computer that has a keylogger on it is hosed. The user would
>>> need to wipe the disk and reinstall their OS.
>> Woah, not so fast. Wiping the user account and all programs he had
>> access to should be sufficient.
>
> Unless the user has administrative privileges, which is the usual case.


And/or had the ability to gain such, as for what the Power Users group in
Win2K+ is.

Re: KeyScrambler won"t run in IE

bealoid wrote:


> Okay, but I was assuming it was a typical windows user who ran everything
> from an account with admin rights.


Which minds another question: What about malware hosing the BIOS?

Re: KeyScrambler won"t run in IE

"Sebastian G." wrote in
news:5osiasFohfakU3@mid.dfncis.de:

> Which minds another question: What about malware hosing the BIOS?


No need to speculate - the Chernobyl virus would indeed trash some BIOSes.

Regards,

Re: KeyScrambler won"t run in IE

nemo_outis wrote:

> "Sebastian G." wrote in
> news:5osiasFohfakU3@mid.dfncis.de:
>
>> Which minds another question: What about malware hosing the BIOS?
>
> No need to speculate - the Chernobyl virus would indeed trash some BIOSes.

I rather thought about constructively hosing the BIOS by adding a rootkit,
f.e. as presented on DevCon '06. This is really to miracle, since a typical
Award or AMI BIOS consists primarly of a little bootstrap code, a
decompressor and a list of LHARC or ZIP compressed BLOBs of
position-independent code. Just write your own code, compress it, add it to
the list and write back the result. The typically free space ranges from 6K
to 48K, that's more than enough to complete hook the entire boot process of
Windows. On AMD CPUs, you can even introduce your very own microcode update
pretty easily.

Re: KeyScrambler won"t run in IE

On Oct 31, 6:10 am, "Sebastian G." wrote:
> gv wrote:
> > I installed KeyScrambler 1.3.1 via FireFox extensions, and checked the
> > box to add the Internet Explorer (IE) plugin too. It works in Firefox,
> > but there's not indication it's running in IE.
>
> This is comp.security.misc. At the name implies, we're discussing computer
> security. Neither this KeyScrambler snakeoil nor the
> often-abused-as-webbrowser IE have anything to do with security.


Yes, idiot, this group is about security. Passwords are about
securty. Keyscrambler encrypts keystrokes, and decrypts them for an
application (IE), defeating most keyloggers.
Thus Keyscrambler is about security.

Re: KeyScrambler won"t run in IE

On Oct 31, 6:34 am, bealoid wrote:
> "Sebastian G." wrote innews:5or64vFneb4rU1@mid.dfncis.de:
>
> > gv wrote:
>
> >> I installed KeyScrambler 1.3.1 via FireFox extensions, and checked
> >> the box to add the Internet Explorer (IE) plugin too. It works in
> >> Firefox, but there's not indication it's running in IE.
>
> > This is comp.security.misc.
>
> "This" is a crossposted message. :-(
>
> > At the name implies, we're discussing
> > computer security. Neither this KeyScrambler snakeoil nor the
> > often-abused-as-webbrowser IE have anything to do with security.
>
> Indeed. From the website:
>
> [quote]
> KeyScrambler Personal encrypts your keystrokes at the kernel driver level
> to protect your login information from keyloggers.
>
> When you type on your keyboard, the keys travel along a path within the
> operating system before it arrives at your browser. Keyloggers plant
> themselves along this path and observe and record your keystrokes. The
> collected information is then sent to the criminals who will use it to
> steal from you.
> [/quote]
>
> Any computer that has a keylogger on it is hosed. The user would need to
> wipe the disk and reinstall their OS.

Then 95% of all computers manufactured are "hosed" - and wiping/
reinstalling an OS won't help that. The original keylogger, which used
that exact term, was developed by the NSA, and was developed long
before the advent of the internet. It finally became publicly known
about around 1992, when a federal court ruled on admissablily of
evidence obtained by the FBI while using it. The ruling said the
government did not have to reveal how it worked, and that remains
classified. Using that technology the government can record keystokes
with instruments nearby 95% of all computers, without having to
install any software on the computer. However it works, it's built
into the computer. One type of keylogger used by the FBI was found to
work by queuing keystrokes in a rolling buffer, and the buffer was
transmitted (radio waves) if it received a query (also radio waves).
This was built into the laptop when it was manufactured. It was
speculated that this was intentionally exposed to cover for the main
keylogger technology, which is supposed to be more subtle. - I
don't know if Keyscrambler would help with that - I doubt it - but it
keeps the non-government types from stealing your passwords.

Re: KeyScrambler won"t run in IE

gv wrote in
news:1193878877.986284.64690@v3g2000hsg.googlegroups.com:

> I
> don't know if Keyscrambler would help with that - I doubt it - but it
> keeps the non-government types from stealing your passwords.

Keyscrambler does not stop non-government types from stealing passwords.
If the bad guys have installed malware on your machine there is *nothing*
that you can do -and certainly not with a browser plugin- that can help.

I've snipped the rest because TEMPEST technique discussions are stupid and
pointless - anyone who needs to worry about agencies using TEMPEST should
be skilled enough to not need to worry whether they've got keylogging softs
installed.

Re: KeyScrambler won"t run in IE

gv wrote:

Keyscrambler encrypts keystrokes, and decrypts them for an
> application (IE), defeating most keyloggers.

> Thus Keyscrambler is about security.

HANDLE ie = GetWindowHandleByName(L"Internet Explorer");
PostMessage(ie,WM_GETTEXT);
PostMessage(ie,,WM_COPY);

Nuff said.

Re: KeyScrambler won"t run in IE

gv wrote:

> The ruling said the
> government did not have to reveal how it worked, and that remains
> classified. Using that technology the government can record keystokes
> with instruments nearby 95% of all computers, without having to
> install any software on the computer. However it works, it's built
> into the computer. One type of keylogger used by the FBI was found to
> work by queuing keystrokes in a rolling buffer, and the buffer was
> transmitted (radio waves) if it received a query (also radio waves).


Stop your conspirancy theory and talk about the facts. Today you can easily
buy a keylogger fro $50 which consists of about half a centimeter of casing
with one side being a USB plug female, the other side USB plug male. Put it
in between the computer's USB port and the USB keyboard, and no user would
ever notice it. Records all keystrokes for basically eternity.

As for laptops: The internal keyboards connect through a little cable to an
internal port with the PS/2 communication protocol. Easy to add a little
chip in between.

Re: KeyScrambler won"t run in IE

"Sebastian G." (07-11-01 01:34:43):

> > No need to speculate - the Chernobyl virus would indeed trash some
> > BIOSes.
>
> I rather thought about constructively hosing the BIOS by adding a
> rootkit, f.e. as presented on DevCon '06. This is really to miracle,
> since a typical Award or AMI BIOS consists primarly of a little
> bootstrap code, a decompressor and a list of LHARC or ZIP compressed
> BLOBs of position-independent code. Just write your own code, compress
> it, add it to the list and write back the result. The typically free
> space ranges from 6K to 48K, that's more than enough to complete hook
> the entire boot process of Windows. On AMD CPUs, you can even
> introduce your very own microcode update pretty easily.

This is very error-prone. If something goes wrong, then you've got a
denial of service case, which the user would notice certainly, and from
which it's difficult to recover. However, maybe the virtualization
extensions of newer x86 processors can be abused for such purposes.


Regards,
Ertugrul Söylemez.


--=20
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.

Re: KeyScrambler won"t run in IE

On Wed, 31 Oct 2007, gv wrote:
>On Oct 31, 6:34 am, bealoid wrote:
>> "Sebastian G." wrote innews:5or64vFneb4rU1@mid.dfncis.de:
>>
>> > gv wrote:
>>
>> >> I installed KeyScrambler 1.3.1 via FireFox extensions, and checked
>> >> the box to add the Internet Explorer (IE) plugin too. It works in
>> >> Firefox, but there's not indication it's running in IE.
>>
>> > This is comp.security.misc.
>>
>> "This" is a crossposted message. :-(
>>
>> > At the name implies, we're discussing
>> > computer security. Neither this KeyScrambler snakeoil nor the
>> > often-abused-as-webbrowser IE have anything to do with security.
>>
>> Indeed. From the website:
>>
>> [quote]
>> KeyScrambler Personal encrypts your keystrokes at the kernel driver level
>> to protect your login information from keyloggers.
>>
>> When you type on your keyboard, the keys travel along a path within the
>> operating system before it arrives at your browser. Keyloggers plant
>> themselves along this path and observe and record your keystrokes. The
>> collected information is then sent to the criminals who will use it to
>> steal from you.
>> [/quote]
>>
>> Any computer that has a keylogger on it is hosed. The user would need to
>> wipe the disk and reinstall their OS.
>
>Then 95% of all computers manufactured are "hosed" - and wiping/
>reinstalling an OS won't help that. The original keylogger, which used
>that exact term, was developed by the NSA, and was developed long
>before the advent of the internet. It finally became publicly known
>about around 1992, when a federal court ruled on admissablily of
>evidence obtained by the FBI while using it. The ruling said the
>government did not have to reveal how it worked, and that remains
>classified. Using that technology the government can record keystokes
>with instruments nearby 95% of all computers, without having to
>install any software on the computer. However it works, it's built
>into the computer. One type of keylogger used by the FBI was found to
>work by queuing keystrokes in a rolling buffer, and the buffer was
>transmitted (radio waves) if it received a query (also radio waves).
>This was built into the laptop when it was manufactured. It was
>speculated that this was intentionally exposed to cover for the main
>keylogger technology, which is supposed to be more subtle. - I
>don't know if Keyscrambler would help with that - I doubt it - but it
>keeps the non-government types from stealing your passwords.


isnt it wonderful being able to make wild statements like that without a
shred of anything to prove them?



--
My public keys can be found on my freenet site:
SSK@TEx6TiaPeszpV4AFw3ToutDb49EPAgM/mytwocents/51//m2ckey.ht ml
(*NOTE* you must be running freenet for this link to be usefull)
and on public keyservers. Key-Id: 0x92769D7E
Fingerprint: 2F07D586C8D4EEA732711338CFEF46E592769D7E
I can be reached either by the NiM form on the freesite or by
Email: m2c AT nym.panta-rhei.eu.org
Frost: MyTwoCents@Z+59LNK9NhMvxewYggENU4Ww50s On the Freenet board

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.eu.org
for abuse and hashcash info.