11-04-2015, 11:03 PM
11-04-2015, 11:45 PM
The way I understand this, the attack works only when the database is open or something, right?
From the KeePass developer:
"KeeFarce is not a threat (and the developer of it apparently knows that, as he nowhere declares it as threat or attack).
This tool extracts information of a running KeePass process (with an open database) using a rather complicated method (using DLL injection). There are much simpler ways to achieve that. For example, a tool could send simulated keypresses to the KeePass window to export the data to a file (e.g. press Alt+F, E, Tab, Space, ...). Before that, a screenshot could be created and displayed above all windows in order to hide this procedure (and a user probably would not notice a screen freeze of one second).
Like others wrote before, the actual problem is running specialized malware. If you're doing this, everything's over; software cannot protect itself in such a case. I wrote about this before:
http://keepass.info/help/base/security.h...pecattacks"
So... nothing new. Or does the attacker need only the database file?
Your passwords cannot be safe if you catch some kind of malware, KeeFarce or not.
You could simply catch a keylogger and get your passwords compromised.
From the KeePass developer:
"KeeFarce is not a threat (and the developer of it apparently knows that, as he nowhere declares it as threat or attack).
This tool extracts information of a running KeePass process (with an open database) using a rather complicated method (using DLL injection). There are much simpler ways to achieve that. For example, a tool could send simulated keypresses to the KeePass window to export the data to a file (e.g. press Alt+F, E, Tab, Space, ...). Before that, a screenshot could be created and displayed above all windows in order to hide this procedure (and a user probably would not notice a screen freeze of one second).
Like others wrote before, the actual problem is running specialized malware. If you're doing this, everything's over; software cannot protect itself in such a case. I wrote about this before:
http://keepass.info/help/base/security.h...pecattacks"
So... nothing new. Or does the attacker need only the database file?
Your passwords cannot be safe if you catch some kind of malware, KeeFarce or not.
You could simply catch a keylogger and get your passwords compromised.
11-05-2015, 12:04 AM
From my understanding, the KeePass program must be open and logged into your keepass db (i.e. db must be decrypted)..then you are at risk.
11-05-2015, 12:46 AM
@MarkZ correct. And you only need port 22 open on a server to be open to a ssh attack. Point is, a vulnerability is still an attack vector. Close all the doors, stop the attack.