Information Security News
iT News (blog)
Does Australia need an infosec wake-up call?
Is Australia too complacent with regard to its information security? What kind of wake-up call will it take to shake us into action? Earlier this month, two iconic Australian department stores were hacked and a large consignment of customer records ...
More than 500 websites that used a free analytics service inadvertently exposed their visitors to a nasty malware attack made possible by a hack of PageFair, the anti-adblocking company that provided the analytics.
Using a password manager is one of the most effective ways for average computer users to keep their online accounts secure, but that protection is pretty much meaningless when an end user's computer is compromised. Underscoring this often-ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the KeePass password manager and writes them to a file.
KeeFarce, as the tool has been dubbed, targets KeePass, but there's little stopping developers from designing similar apps that target virtually every other password manager available today. Hackers and professional penetration testers can run it on computers that they have already taken control of. When it runs on a computer where a logged-in user has the KeePass database unlocked, KeeFarce decrypts the entire database and writes it to a file that the hacker can easily access.
In fairness to KeePass developers, they have long warned users that no password manager can secure passwords on a compromised computer. Still, KeeFarce generated interest among security professionals and hobbyists over the past week, in large part because of the ease and convenience it provides.