Any comments on BlueGem's LocalSSL?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Oct 28 01:11:36 PDT 2005


http://www.bluegemsecurity.com/ claims that they can encrypt data from the
keyboard to the web browser, bypassing trojans and sniffers, however the web
pages are completely lacking in any detail on what they're actually doing.
>From reports published by West Coast Labs, it's a purely software-only
solution that consists of some sort of (Win9x/Win2K/XP only) low-level
keyboard driver interface that bypasses the standard Windows user-level
interface and sends keystrokes directly to the application, in the same way
that a number of OTFE packages directly access the keyboard driver to try and
evade sniffers.

The West Coast Labs tests report that they successfully evade all known
sniffers, which doesn't actually mean much since all it proves is that
LocalSSL is sufficiently 0-day that none of the sniffers target it yet.  The
use of SSL to get the keystrokes from the driver to the target app seems
somewhat silly, if sniffers don't know about LocalSSL then there's no need to
encrypt the data, and once they do know about it then the encryption won't
help, they'll just dive in before the encryption happens.

Anyone else have any additional information/comments about this?

Peter.





More information about the cypherpunks-legacy mailing list