You are viewing a single thread.
View all comments View context
3 points

Yeah, it sounds like the first exploit required your vault to be unlocked

That barely fits the requirements to even be called a vulnerability.

“Sir, this safe lock is horribly insecure because all it takes for somebody to get access to the safe is to have the owner invite an intruder over to his house, unlock the safe, and the intruder can barge right in!”

I’m all for broadcasting vulnerabilities for services that deserve it. But, taking two of the thousand unrated CVEs that appear each year, slapping on a clickbait headline, and trying to scare people into not trusting password managers is a load of shit. The only reason this trash got upvoted is because this community has a massive hard-on for locally-controlled password stores, without acknowledging the negatives.

permalink
report
parent
reply
3 points

One thing to keep in mind about how these vaults work, is you often unlock them and then they stay unlocked for a short period of time, like 5 minutes. So if you do compromise a system and can detect when it is unlocked, you have a decent window to programmatically extract credentials.

That said, it requires that your system has already been completely owned, pretty much. At that point, it could potentially log keystrokes and clipboard, and get credentials, including your master password.

permalink
report
parent
reply
2 points

Right. If you have malware on your computer, you might as well assume that every part of the computer, and everything it can connect to, is compromised.

permalink
report
parent
reply

Cybersecurity

!cybersecurity@sh.itjust.works

Create post

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

  • Be respectful. Everyone should feel welcome here.
  • No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
  • No Ads / Spamming.
  • No pornography.

Community Rules

  • Idk, keep it semi-professional?
  • Nothing illegal. We’re all ethical here.
  • Rules will be added/redefined as necessary.

If you ask someone to hack your “friends” socials you’re just going to get banned so don’t do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

Community stats

  • 1.6K

    Monthly active users

  • 890

    Posts

  • 1.8K

    Comments