Password Managers

ddrueding

Not happy, but not planning an exit yet either. If this deal had happened before I bought in I wouldn't have done so. I'm still optimistic that it takes at least a year for them to damage the product or brand enough that I jump ship.
 

Clocker

It seems to me that the weak link in a system like LP is the integration with the browser. Are there any best practices or settings that can be used to minimize browser-related vulnerabilities when using LastPass?
 

Handruin

I don't understand that article or the title is misleading. So if my PC is compromised AND my password database is unlocked I'm at risk?

When it runs on a computer where a logged in user has the KeePass database unlocked, KeeFarce decrypts the entire database and writes it to a file that the hacker can easily access.
 

Will Rickards

My understanding is that yes, they still need the KeePass database open, which requires the master password.
So in order for this 'hack' to have any effect you would need to leave it open and have your machine hacked in the first place.
It uses simple DLL injection, which is a process in Windows where you get a running program to load your DLL. Then the DLL code essentially runs in the process space.
This is similar to hooking up a debugger to the process and then inspecting the memory or causing one of its methods to run.

So there is nothing to see here. They just made something you could do already on a compromised machine, easier.

I believe there are things you can do to make code resistant to DLL injection. But I'm not sure you can fully protect against it. It is built in to the Windows framework.
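
An added example, not part of the original thread and not code from KeePass or KeeFarce: one way a defender could spot an unexpected DLL running inside the KeePass process, as the post above describes. It assumes Sysmon image-load logging (Event ID 7) is enabled and already parsed into dicts; the install path, directory lists and sample events are constructed for illustration.

```python
from ntpath import normcase, normpath  # Windows path rules on any OS

WATCHED_EXE = "keepass.exe"
# Assumption: default-style install path; adjust to the real one.
INSTALL_DIR = r"c:\program files\keepass password safe 2"
WINDOWS_DIRS = (r"c:\windows\system32", r"c:\windows\microsoft.net",
                r"c:\windows\assembly")

def norm(path):
    """Lower-case and normalise a Windows path for comparison."""
    return normcase(normpath(path))

def under(path, directory):
    return path.startswith(directory + "\\")

def suspicious_loads(events):
    """Return (dll, reason) for DLL loads into KeePass that look out of place."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        if not norm(ev["Image"]).endswith("\\" + WATCHED_EXE):
            continue  # some other process
        dll = norm(ev["ImageLoaded"])
        signed = ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"
        if under(dll, INSTALL_DIR):
            continue  # plugins live here and are often unsigned
        if any(under(dll, d) for d in WINDOWS_DIRS):
            if not signed:
                findings.append((ev["ImageLoaded"], "unsigned module in Windows directory"))
            continue
        findings.append((ev["ImageLoaded"], "module loaded from unexpected directory"))
    return findings

KP = r"C:\Program Files\KeePass Password Safe 2\KeePass.exe"
# Constructed sample events using Sysmon Event ID 7 field names.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": KP, "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": KP, "Signed": "false", "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\Program Files\KeePass Password Safe 2\Plugins\Example.dll"},
    {"EventID": 7, "Image": KP, "Signed": "false", "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe", "Signed": "false",
     "SignatureStatus": "Unavailable", "ImageLoaded": r"C:\Users\alice\x.dll"},
    {"EventID": 7, "Image": KP, "Signed": "false", "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\Windows\System32\odd.dll"},
]

if __name__ == "__main__":
    for dll, reason in suspicious_loads(SAMPLE_EVENTS):
        print(f"{reason}: {dll}")
```

An alert like this only shows that foreign code ran in the process; as the post says, it cannot stop an attacker who already controls the machine.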
 

Clocker

DD - So glad you turned me on to LastPass. I am so loving everything it offers. It has really made managing passwords so much easier!
 