Citadel Attack Targets Password Managers

Discussion in 'Computers and Internet Geekland' started by Mousey, Nov 21, 2014.

Mousey, Nov 21, 2014:

    From Dark Reading - Don't know if you can access without account...

vinylweatherman, Nov 21, 2014:

    The malware does not appear to infect sheets of A4, so I'm probably OK :D

    Maybe the old way is best, as ANYTHING that is stored on a device connected to the internet could become a target for a malware attack.

    The best idea might be a "dumb" device that has password protection, but that cannot connect to any other device, not even by a cable. Even offline storage like a USB stick can be attacked in the time it takes to connect it to a PC in order to look up one of the passwords.

    The security industry has created this problem because there are hundreds of sites and services that have "secure login", but there is no overall standard, and each one thinks that they are the only service a user has, thus it should not be a problem remembering all the secure details rather than storing them in a retrieval system.

    They should all look at moving to biometric security, so that the user doesn't have to remember anything, their passwords are encoded in their DNA, and "retrieved" through scanning various body parts such as the iris or fingerprint. More than one method should be used, along with one other offline system such as a key generator that supplies a one-off login PIN for each access.

    If the user doesn't have to remember hundreds of different passwords and other codes, they won't feel the need to use any kind of retrieval system. Ideally, the iris and fingerprint scanners will only transmit data one way, outward, so that no malware can get in and "infect" the device in order to compromise it. Instead of the scanners being updated over the internet, they will be "chipped" by having the updated EPROM posted out to the user in as secure a manner as possible, and the EPROM itself should have a code key so that it is paired with the unique device it is meant for, so that if stolen in transit, it can't be cloned or compromised between the sender and the recipient.

    Our chip & pin machines were "hacked" by having bogus engineers visit the premises and adding extra chips or flashing compromised software onto them. The weakness was insecure management of technical support, rather than a direct malware attack on the device itself.