Threatpost Poll: Are Password Managers Too Risky?
Weigh in on password managers with our Threatpost poll. Continue reading Threatpost Poll: Are Password Managers Too Risky?
Several popular password managers appear to do a weak job at scrubbing passwords from memory once they are no longer being used. Continue reading Password managers leaking data in memory, but you should still use one
1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory. Continue reading Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
The most widely used password managers sport fundamental vulnerabilities that could allow malware to steal the master password or other passwords stored by the software directly from the computer’s memory, researchers with Independent Security Ev… Continue reading Flawed password managers allow malware to steal passwords from computer memory
KeePass has the option for a master password and key file (and Windows login). But I am not sure how it really helps security that much.
I can see a couple of scenarios:
The database and key are on one system: basically a o… Continue reading KeePass Key File – Does it provide any meaningful security?
Please forgive beginner question.
I have been using Xubuntu for several years now; this question is regarding password managers under Linux/Ubuntu.
I have been using Keepass2 which is just such an amazing password manager; … Continue reading Keepass2 vs KeepassXC – KeePass-Http connector – Mono in Linux
My password database file of KeepassX has a long password of over 10 characters. I’ve read several articles and discussions about how safe it’ll be to store such a file on VPS or cloud service such as Dropbox. There were no cons… Continue reading Finally, is it safe to keep my "keepassX" database on my server or cloud with encryption?
Looking at the implementation of the Yubikey 4 HMAC-SHA1 mode for KeePassXC, I want to know:
Isn’t the HMAC-SHA1 challenge response less secure than a 40+ character password?
From what I know, the challenge is hard-coded, s… Continue reading KeePassXC & Yubikey HMAC-SHA-1 vs 40+ Character Password
During a penetration testing lab, I have obtained access to a .kdb file of a KeePass 1.25 (password management).
Therefore I tried to find a way to obtain the file key file or key and after researching the internet a while … Continue reading Breaking .kdb (KeePass 1.x) file
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack).
But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness. Continue reading The Year Targeted Phishing Went Mainstream