If I type my credit card into a secure checkout page while running corrupted network monitoring software, am I still safe from the Russian Business Network?

2

2

I have network monitoring software installed on my computer - LittleSnitch for the Mac.

Now let's suppose I go to Amazon and enter my credit card info.

If LittleSnitch is actually corrupt (in my case I can't tell if it is or isn't corrupt) and secretly tries to send this data to the Russian Business Network, would they be able to do anything with that data since it was entered over a secure connection to Amazon?

Is it true that they would also need the security certificate from my machine in order to be able to interpret the data correctly?

Help me figure out what the worst case scenario is if my copy of LittleSnitch has been corrupted and I've been using it to carry out secure transactions online.

Karl

Posted 2009-10-03T23:03:09.893

Reputation: 73

+1. Interesting questions resulting on different opinions :) Well done! – A Dwarf – 2009-10-03T23:20:44.117

If you believe your Little Snitch installation has been modified, why not re-install it? 2.2 was released a couple weeks ago. – Chealion – 2009-10-03T23:48:54.840

Answers

4

Depends on what 'corrupted' is in your case. If the application has been modified and it (or whatever malware it was packaged with) is logging keys, they don't need to decrypt anything, they have your data in plain text. If the site is making a secure connection with a valid certificate you should be fine. They would need the certificate key to decrypt the data if it's only obtaining it from sniffing the wire after being sent.

John T

Posted 2009-10-03T23:03:09.893

Reputation: 149 037

5

If LittleSnitch (just looked it up, seems to be a firewall) is corrupt, there is no reason it couldn't...

SSL makes it harder to intercept, but if you install any sort of local program, it can easily keylog your session and send that to whoever.

Also, you can have an SSL man-in-the-middle attack...

Any program can be hacked, cracked, or anything - If you don't trust it, don't run it... Don't buy into the MAC's are hacker/virus proof. If you run any sort of local "executable" or "script" it can do ANYTHING that you can - rewrite system files, intercept etc.

William Hilsum

Posted 2009-10-03T23:03:09.893

Reputation: 111 572

Care to explain -1 whoever did that? – William Hilsum – 2009-10-03T23:50:51.060

Well, +1 for me. Although I don't fully agree with a few parts, it's definitely not a -1. Unfortunately some people seem to enjoy abusing the voting mechanism. – A Dwarf – 2009-10-04T00:02:42.130

Let me clarify: the problem with both yours and John's answers is the idea of a keylogger as an external application to the browser. In this case, the idea that a browser such as Safari, Firefox, or IE would be vulnerable to a keylogger coming from LittleSnitch. I'm sorry, but it's just not possible. Unless you have knowledge I don't have, in which case I would really like to know about it. – A Dwarf – 2009-10-04T00:09:17.903

Thanks! I wish that there was the facility to anonymously leave comments on a downvote; I don't mind being downvoted if I am wrong, as long as I know why!... and thanks A Dwarf!... I did write that a bit fast and not too clear :S sorry, anything in particular you don't like / I should rewrite? – William Hilsum – 2009-10-04T00:12:29.270

Didn't see your second comment and I upvoted! Thanks for explaining... I Googled and I found that LittleSnitch is just a firewall application - http://www.obdev.at/products/littlesnitch/index.html ... If it is any good, it has to be installed at a "low level" within the networking stack. If you tried to keygen / patch / hack this application, there is no reason not to believe that it can't also include a keylogger.

– William Hilsum – 2009-10-04T00:18:33.770

"anything in particular you don't like / I should rewrite?" You mean other than the fact that I think I actually have the right answer here? :) But seriously, the problem I have with both your answers is mainly the keylogger notion. Under a HTTPS connection the browser security features are elevated. It would be a tremendous security hole if any of the mainstream browsers allowed keyloggers to hook in when connected through HTTPS and seeing that lock icon. It would make headlines :)

– A Dwarf – 2009-10-04T00:18:37.013

Sorry - no... I learn from this site as well! If I write anything wrong, I really want people to tell me - if I am correct, but there are minor issues, I will change my answer... If there are major problems and my answer is wrong, I will delete it. Please don't take anything I say the wrong way. – William Hilsum – 2009-10-04T00:21:19.510

But on the other hand, if the browser itself is hacked, that's another matter. So in my view you would have to hack LittleSnitch and the browser: the browser to permit keylogging activities, and LittleSnitch to pass on the results and not inform the user of this connection. – A Dwarf – 2009-10-04T00:21:21.537

Regarding HTTPS, I don't think you are correct... The connection to the server (or proxy server, or even man in the middle!) is encrypted, but the actual process itself is not anything higher than a standard process. Keyloggers typically go at a lower level / tie into kernel processes and would be able to intercept any key pressed (in the same way as if you have a keyboard with custom buttons and an on-screen display, you can make it display special stuff). – William Hilsum – 2009-10-04T00:23:01.503

"Please don't take anything I say the wrong way." Oh no. Quite on the contrary. Have seen yours and John's along with many others and respect your knowledge and couldn't ever take anything in the wrong way. It just so happens I disagree on this particular issue. But that's just it :)

– A Dwarf – 2009-10-04T00:24:04.390

"tie into kernel processes" I don't have the actual data with me at this point and will have to search. But I'm pretty sure all three major OSes (which include MAC OS) have facilities concerning special security GUI controls. This is a common feature in certain software with high security requirements and browsers use these facilities too, especially when under HTTPS. In any case, I'll take your answer for granted for now and will investigate further. As I said, I don't have the relevant information at this point.

– A Dwarf – 2009-10-04T00:33:11.780

Getting interested! I love this site, but miss not having forum facilities - but this will do! Nearly all modern OSes do have this facility when it relates to components of the OS itself to modify system files or change settings - however, to install the firewall app, you would need to allow it to install. Browsers run in user mode and any sort of kernel add-on / keylogger will be on top of this (sort of the principle of how rootkits work, only they do more than just look at keystrokes). I will try to test this as well, as you have got me very interested. – William Hilsum – 2009-10-04T01:44:50.277

Hate to jump in, but: a keylogger would be intercepting keystrokes at the OS level, before the application (browser) gets it, and so could copy your keystrokes (CC data) as you type, before the browser encrypts & transmits the data. "special security GUI controls" smells like snake oil. – quack quixote – 2009-10-04T01:45:24.987

@~quack, +1 that is what I thought... and what I was trying to say in my last few posts. @A Dwarf - I have just tested it and it looks like Firefox and IE (all that I have on my test machine) are a bit more secure than they used to be - password revealers are not working as well now because the window comes up as one element; however, like I tried to say and ~quack is saying, keyloggers work much lower than the application level and would still easily intercept this. – William Hilsum – 2009-10-04T01:51:53.653

I think you are correct. I've been searching for this and all I could find was nothing. To that I add the fact that I found lots of recent evidence in the news of keyloggers intercepting banking transactions through a browser. However, @~quack, I'm sure you can express your ideas without the funny at the end. I think it was obvious I was struggling with words. – A Dwarf – 2009-10-04T02:23:06.757

cough MAC != Mac cough </irrational tick>. It might be worth editing in information from the comments into the question to help avoid having to dig through the comments. – Chealion – 2009-10-04T04:18:41.267

@A Dwarf: my apologies, that wasn't meant as a personal attack. I mean "snake oil" in the sense of security "features" being hyped that aren't terribly effective - Schneier uses the term a lot. If you were referring to specific features that are not snake oil, that's fine. Sorry my comment was insulting. – quack quixote – 2009-10-04T04:54:15.643

Yea, the nature of keyloggers is that they intercept the keystrokes at the kernel level. If it wasn't possible for an app to get keystrokes from the kernel, you wouldn't be able to type into a web form in the first place. In fact, all you have to do is convince the OS that your keylogger app also has focus, and all keystrokes will be sent to it as well. The whole point of a keylogger is that it intercepts your keystrokes, irrespective of which program you're using, because it has nothing to do with the individual programs, only the OS. – Samuel Jaeschke – 2009-10-04T07:37:53.907

If you install a corrupt application, you're in real trouble. A firewall is not likely to work properly without some sort of admin or root privileges, and therefore almost certainly can be made into a keylogger. Unless it's on a physically separate box, it doesn't have to limit itself to reading the encrypted packets. Even if it is, it can execute a man-in-the-middle attack unless you're really careful. – David Thornley – 2009-10-04T14:57:59.047

2

I have networking monitoring software installed on my computer

If suspect software is installed on your client machine, you have already lost. It could, for example, copy an RBN Certifying Authority into your user's list of web browser trusted CAs, allowing them to spoof any HTTPS site. Or it could log keypresses, or take pictures of the screen, quite independently of any functionality related to LittleSnitch.

HTTPS protects against man-in-the-middle attacks: if your man-in-the-middle is suspect software on your router or gateway, HTTPS is secure. However, it does not and cannot protect against the HTTPS-using client machine itself being compromised.

bobince

Posted 2009-10-03T23:03:09.893

Reputation: 8 816
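The rogue-CA scenario in the answer above is one that a defender can actually check for: snapshot the trust store on a known-good day and diff it later. The script below is an added example, not part of this answer or of LittleSnitch; it hashes every certificate in a PEM bundle and reports roots that appeared or vanished since the baseline. The PEM blocks it feeds itself are constructed stand-ins, not real CA certificates; on a real Mac you would export the bundle from the System keychain first.

```python
import base64
import hashlib
import re
from typing import Dict, Set

# One PEM certificate block; the base64 body between the markers is the DER encoding.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)


def fingerprints(pem_bundle: str) -> Set[str]:
    """Return the hex SHA-256 fingerprint of every certificate in a PEM bundle."""
    result = set()
    for body in PEM_BLOCK.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        result.add(hashlib.sha256(der).hexdigest())
    return result


def trust_store_drift(baseline_pem: str, current_pem: str) -> Dict[str, Set[str]]:
    """Compare today's trusted roots against a baseline captured on a known-good day."""
    base, cur = fingerprints(baseline_pem), fingerprints(current_pem)
    return {"added": cur - base, "removed": base - cur}


def _fake_pem(label: bytes) -> str:
    """Constructed stand-in for a certificate: any bytes wrapped in PEM markers."""
    b64 = base64.b64encode(label).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample data: two "roots" in the baseline, one extra root today.
BASELINE = _fake_pem(b"root-ca-one") + _fake_pem(b"root-ca-two")
CURRENT = BASELINE + _fake_pem(b"unexpected-root-ca")

if __name__ == "__main__":
    drift = trust_store_drift(BASELINE, CURRENT)
    for fp in sorted(drift["added"]):
        print("NEW trusted root since baseline (investigate):", fp)
    for fp in sorted(drift["removed"]):
        print("root removed since baseline:", fp)
```

A new fingerprint that you did not install yourself is exactly the condition the answer warns about, since a trusted root you do not recognise lets its holder present a valid-looking certificate for any HTTPS site.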

0

A hacked version of your firewall (in this case, LittleSnitch) would not be enough for the personal data being transmitted through a HTTPS connection to be decoded. Sure, LittleSnitch could send it anywhere the hacker made it go. But by the time the firewall captures the data that is being sent to the secure server, it has already been encrypted. Only with the correct certificate, installed on the correct server address, would the hacker be able to decrypt the data. This is one of the reasons why HTTPS is secure against middle-man attacks.

If however you are working under a hacked browser, that's a different matter. A hacked browser could be logging your data as you enter it and secretly send it through a hacked LittleSnitch purposely made to not inform you of this transmission.

A Dwarf

Posted 2009-10-03T23:03:09.893

Reputation: 17 756

What does "installed on the correct server address" have to do with it? If you're decrypting a compromised transmission, the app you're doing it with will not be following normal procedures of checking that the certificate is on the correct host, etc. It will just do anything it can to pull out whatever it can. – Samuel Jaeschke – 2009-10-04T07:41:26.973