"KeePass looter: Password plunderer rinses pwned sysadmins", via The Register


6 replies to this topic

#1 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,607 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 AM

Posted 03 November 2015 - 11:17 AM

Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeePass.

The jeu de mots KeyFarce works when a user has logged into their vault, and will dump the contents to a file that attackers can steal.

It is no death knell for KeePass or other password managers, but is an extra bow in the quiver of attackers capable of compromising a target's machine.


Source: http://www.theregister.co.uk/2015/11/03/keepass_looter_the_password_plunderer_to_hose_pwned_sys_admins/

For the users of KeePass here: I doubt you'll get affected by that in the near future, but I could see it being integrated into malware and spread around.

More complete article on ArsTechnica: http://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/

Edited by Aura, 03 November 2015 - 01:40 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




#2 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:01:09 AM

Posted 03 November 2015 - 08:56 PM

So all these years I have not been overly paranoid in not trusting my passwords to any password manager.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon


#3 Aura


Posted 03 November 2015 - 09:23 PM

Password managers are also part of a security setup, and the perfect security setup doesn't exist. However, if you read the second article, security experts still encourage you to use one since they also offer many advantages.



#4 dannyboy950


Posted 04 November 2015 - 06:59 AM

I have always believed in strong passwords, just not keeping them in one place on the computer.




#5 Aura


Posted 04 November 2015 - 07:41 AM

It's hard to have really strong passwords and remember all of them as well. Plus, password managers make your life easier when you need to log in across multiple devices, hence why I have the paid version of LastPass (for the Android app on my Nexus 5 and tablet); it makes my life so much easier when it comes to logging in, saving information, etc.



#6 patrick.croner

patrick.croner

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, Quebec, Canada
  • Local time:03:09 AM

Posted 04 November 2015 - 11:57 AM

Why am I not surprised? While this is definitely bad, it's certainly not the end of the world. As the article states, don't keep your password manager open and idle all the time. Good article, btw. It addresses that there is an exploit going around



#7 CloudDay

CloudDay

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 08 November 2015 - 06:53 AM

I have not been overly paranoid in not trusting my passwords to any password manager





