| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/21/2009 2:37:22 PM | I started uses a key scrambler after brother lost $600.00 from a keylogger on his computer.
When the encrypted keystrokes reach your browser, Key Scrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable. | |
|
| |
- don
|
Joined: 4/23/2009
Msg: 3 | |
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/21/2009 3:38:28 PM | Be careful with free ones you download from the Internet, they can actually be a keylogger/root kit in disguise. 
I know there is a FF Add-on that encrypts at the kernel level but wherever you decide to get it, just be sure you get it from a reputable source. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/21/2009 5:47:23 PM | A keylogger was probably not the only thing on that system.
This scramber just seems like a waste of resources that's more for feeding an illusion of security rather than actually enhancing system security. The solution is not to get compromised in the first place, something which should be virtually impossible with good surfing practices.
If the guy had a keylogger, it's because he allowed it to be on there. So I'd spend my time trying to teach him better surfing habits so that he avoids downloading malware like that in the future. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/21/2009 6:38:09 PM |
If the guy had a keylogger, it's because he allowed it to be on there. So I'd spend my time trying to teach him better surfing habits so that he avoids downloading malware like that in the future.
he was using Norton Internet Security and it did not find anything !!!!!
Webroot AntiSpyware was the only software that found it.
This scramber just seems like a waste of resources
its a small program so how can it slow down a computer? | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/21/2009 7:45:07 PM |
he was using Norton Internet Security and it did not find anything !!!!!
Webroot AntiSpyware was the only software that found it.
Yes, but my point is that he is responsible for the malware being loaded on. If you need an anti-malware product to clean an infected machine, it's already too late.The focus should be on prevention, so that the computer never gets infected in the first place.
its a small program so how can it slow down a computer?
Read the second half of the sentence you quoted. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/22/2009 12:54:11 AM | | norton "security" is pretty poor, good for the numpties who not know a lot, it blocked access to my brothers round the world photo trip site, norton tech support recommended disabling norton, so it got wiped and replaced with something better | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/30/2009 12:16:07 PM | Just trying to point out free software that save you money and and everyone seem to think that no one will steal there credit card # it will never happen to me.
anyone one that uses your computer can put a key-logger on your computer and tell the security software not to block it. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 6/30/2009 12:50:20 PM | The last time I checked....keyscramblers won't work because most of the good keyloggers connect to the keyboard at the hardware level...before the abstraction layer of the keyscrambler....it works on the more cheaper ones...but the point is, the OS decrypts the information to make use of it...a keylogger is going to detect that.
most of them are just silly applications to make people feel better when it doesn't do much. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/2/2009 5:14:09 PM | I am not a geek, so correct me if I am wrong. I believe that I have come across a 100% effective block for discovering a password by keystroke method.
While typing your password....for some keystrokes move your curser to the address bar at the top of the browser. Do this several times back and forth. A keylogger cannot tell if all the letters or numbers were not in the password.
However you must type the same every time, or a smart geek could figure out the odd letters or numbers.
Am I wrong? | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/2/2009 5:30:10 PM | You are correct.
However, most "keyloggers" don't operate this way. Rather, they capture the traffic you send to websites of interest (ie. bank.) This allows the criminals to collect relevant information quickly, rather than have to parse through reams of text. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/2/2009 6:58:31 PM | you're confusing a keylogger with something entirely different.
the technical definition of a keylogger is just that...something that logs keystrokes. the problem with most ways of trying to encrypt keystrokes from them is most of the good ones connect at the hardware level to the keyboard...prior to the OS even getting the data. so even if you had an encryption scheme, it wouldn't work...plus the OS would have to decrypt it to make use of it.
the only way to avoid keyloggers is to not be stupid on the net...and run a good AV program with a application based firewall...these keyloggers have to connect to the net to drop thier payload of data and if you can prevent them from connecting, you prevent the data from getting out. one of the things they stressed in a computer security course I took is for every way you find to stop a hacker, he'll find 2 more to screw you. | |
|
- don
|
Joined: 4/23/2009
Msg: 13 | |
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/2/2009 10:32:03 PM |
the technical definition of a keylogger is just that...something that logs keystrokes. the problem with most ways of trying to encrypt keystrokes from them is most of the good ones connect at the hardware level to the keyboard...prior to the OS even getting the data. so even if you had an encryption scheme, it wouldn't work...plus the OS would have to decrypt it to make use of it.
the only way to avoid keyloggers is to not be stupid on the net...and run a good AV program with a application based firewall...these keyloggers have to connect to the net to drop thier payload of data and if you can prevent them from connecting, you prevent the data from getting out. one of the things they stressed in a computer security course I took is for every way you find to stop a hacker, he'll find 2 more to screw you.
I Agree, my sec instructor never went into detail on keyloggers specifically but I know software can't detect hardware trojans/viruses/etc. The only way you would know is to monitor the traffic.
& very true about the hacker statement, that's why network security is becoming so high in demand. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/2/2009 11:15:21 PM |
I Agree, my sec instructor never went into detail on keyloggers specifically but I know software can't detect hardware trojans/viruses/etc. The only way you would know is to monitor the traffic.
& very true about the hacker statement, that's why network security is becoming so high in demand.
Only one huge problem with that, when it comes to novice users.
For instance there are three methods of transmission for key loggers of today.
1) Email
2) Direct connect on demand.
3) FTP to a dump site.
Now if everyone were smart, this would render key loggers useless, but because people are not smart, they will try to cut corners and do as little of work possible, an example would be to "allow all" connections for application X.
Example: I use outlook, I don't want to be notified when it tries to send/receive, so I enable it to allow all, or worse, the firewall does it by DEFAULT. Therefore, allowing any key logger attack to be sent to the attacker without a problem.
The other problem is program identification, some key logging apps have the ability to mutate their application name, and to a standard user, Internet Explorer would be their browser, so they would allow the connection and it would allow connectivity to direct connect or ftp the payload to a dump site.
The ONLY way you're going to be able to rid the world of key loggers and malware alike is to get rid of the stupid users, and we don't want that to happen, or our field would be useless.
We need stupid people, protect yourself, profit off the ones who don't :P | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/2/2009 11:18:15 PM |
I am not a geek, so correct me if I am wrong. I believe that I have come across a 100% effective block for discovering a password by keystroke method.
While typing your password....for some keystrokes move your curser to the address bar at the top of the browser. Do this several times back and forth. A keylogger cannot tell if all the letters or numbers were not in the password.
However you must type the same every time, or a smart geek could figure out the odd letters or numbers.
Am I wrong?
Only problem with that is some key loggers can detect field changes, or they will scan the actual html document and only log areas they deem of value, after all, a lot of websites will label their password fields as such:
passwd, pass, pw, password,pword, pwentry, etc..
The keylogger will analyze and then secure that text field only. | |
|
- don
|
Joined: 4/23/2009
Msg: 16 | |
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/3/2009 12:18:21 AM | Yeah, The pebkac issue again
& for most sites, you send your password in clear text (http)
So if you use the same password for facebook/myspace as you do for online banking, you're asking for trouble.
The average user should know for important passwords/logins sent over the Internet, make sure you see the 's' after the http_ ( https ) in the address bar (the 's' means it tries to be secure)
And even then, make sure you are on the correct site. A lot of scammers make links to look-alike banking sites/login pages.
So have At Least 2 passwords for logins used on the Internet(one for http & one for https) and an entirely separate password to log on to your computer which should have at least 8 characters(including upper/lower-case letters, numbers, and at least 1 special character)
*For Passwords-Do Not Use Dictionary Words/Names/Pets Names & easily guessed passwords b/c they are easily cracked with bruteforce/rainbow tables & password guessing
& like previously stated, don't be stupid on the net >which may not mean much to the technically challenged so here is a short guide for basic Internet safety:
________________________________________
http://www.onlinesecurity-guide.com/
________________________________________
And No,...I'm not a security expert but I did stay at a Holiday-Inn Express last night  | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/3/2009 3:13:28 AM | | I see no way for that software to reliably work. When you establish a hook into the windows features that read keyboard pulses in their raw form, as a lot of key loggers do, you have no guarantee that your the first one there. And furthermore if you encrypt that data, how in the world do you expect the rest of the pc to be capable of reading it? Want to see how reliable it isn't, download from a coding website one of the examples (codeproject.com is a trusty one) that deal with raw input. That's reading keyboard input in it's unprocessed form and interpreting it yourself from a software standpoint, watch as the letters you type in come out perfectly fine. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/4/2009 2:45:13 PM | KeyScrambler (from PC World's "Great Privacy Downloads" -- http://www.pcworld.com/downloads/collection/collid,1533-order,4-c,encryption/files.html ) encrypts at the OS level (even you user account login pass is encrypted), if it detects a program it has been made to run with it encrypts all keystokes...so any keyloggers depending on the OS will get a bunch of garbage to send back to their creator:
http://www.qfxsoftware.com/
I've got the premium version, and it will even protect SSH sessions with a remote server which is great...I think every little bit of protection you can get helps.
-Mk | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/4/2009 3:08:26 PM |
KeyScrambler (from PC World's "Great Privacy Downloads" -- http://www.pcworld.com/downloads/collection/collid,1533-order,4-c,encryption/files.html ) encrypts at the OS level (even you user account login pass is encrypted), if it detects a program it has been made to run with it encrypts all keystokes...so any keyloggers depending on the OS will get a bunch of garbage to send back to their creator:
http://www.qfxsoftware.com/
I've got the premium version, and it will even protect SSH sessions with a remote server which is great...I think every little bit of protection you can get helps.
-Mk
This is fine and dandy, but what protections are there when you get someone who decides it is worth investing the time to disable this product? The same thing happens with anti virus programs all the time.
You're better off adjusting your surfing habits, and becoming more aware of computer security, which would help a person more in the long run than any security/privacy application could. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/9/2009 10:02:10 AM | @tallshyman:
I started uses a key scrambler after brother lost $600.00 from a keylogger on his computer.
When the encrypted keystrokes reach your browser, Key Scrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable.
Security theater only.
A keylogger was probably not the only thing on that system.
This scramber just seems like a waste of resources that's more for feeding an illusion of security rather than actually enhancing system security. The solution is not to get compromised in the first place, something which should be virtually impossible with good surfing practices.
If the guy had a keylogger, it's because he allowed it to be on there. So I'd spend my time trying to teach him better surfing habits so that he avoids downloading malware like that in the future.
Give that man a cigar.
The chain of events is along these lines:
Keyboard stroke -> hardware interrupt in your computer -> device driver -> rest of the O/S -> however many other layers -> letter appears on your screen.
If the keylogger is installed closer in the chain than your magic encryption programme, all you're doing is wasting memory and machine cycles. And there is no way for said programme to know. Period.
As I said - security theater - the *illusion* of security. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/22/2009 6:00:46 PM | You could always do what I done when I once had a keylogger lol, I couldnt be botherd to format my comp to make sure it would be gone and was typing passwords in for aobut a week before formatting and they never got in my account again, I was using the microsoft "On-Screen Keyboard" I think most Keyloggers if not all dont pick up you have typed anything if you use some sort of on-screen keyboard whether its the microsoft one or one of them online java ones, where you type by clicking on the letters with your mouse. So maybe if your really paranoid just use the microsoft On-Screen Keyboard everytime you type a password :P
Although, im not 100% sure this would work against all keyloggers, there may be ones out there which would still get your details, I dunno im not an expert with Keyloggers but this method worked for me when I had a keylogger on my system. | |
|
| key scrambler It defeats keyloggers by encrypting your keystrokes
Posted: 7/23/2009 1:02:03 AM | key loggers can tap into the api and intercept the keystrokes no matter if it's done via a keyboard, on screen keyboard or "cut and paste".
Best bet is to have an external firewall in place (on the pc is a little to late since they're knocking at the door already), avoid downloading software from the internet unless you know and trust the source, remove Norton (It's useless) and get a decent AV/spyware scanner and keep them up to date. | |
|
Home
login 
