Hi,
As many of you guys and girls I carry around my usb disk with keepass and a file with some sensitive info on it.
However, I was realizing the other day that is not the best thing to do.
KP is open source so everybody can compile a new -and adapted- version of KP. They could modify it to store or send passwords. So, imagine this scenario:
-I'm at work but dying for some coffee. So, I lock my pc and go to the coffee machine.
-A sneaky person takes out my usb disk and copies his (her?) ADAPTED version of KP onto it.
-He (she) replaces the disk
-Later that day, I want to check some passwords. I boot the new version, it stores a text file with the info on my disk.
-At my next coffee break the sneaky person comes back to collect the file...
-He (or she) laughs very evilly...
So, what I want is some advice on how to bypass/solve this issue (granted there is one).
regards,
Mover
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
Consider.... if you leave the USB key there, an adversary can replace -ANY- executable file on it with an app of their own, which just calls the app that it replaces, after installing a key logger - it doesn't need to be an open source one, it could be anything that you run from the drive.
If you are truly that worried about security, then the drive should never be out of your hands, and, if it ever is, then it should be considered to be untrusted once you get it back. Think: use a separately stored MD5 summer to check out all the exe's.
Alternatively, use TrueCrypt to encrypt the contents of your drive, that way the adversary can't change anything on it even if (s)he does get hold of it.
Security and convenience are, sadly, often a trade off, one against the other.
i never thought of that.
I just tried it and the menu kept running after i plugged it back in cause it got the same drive letter...
so the only way is to unplug it when you leave
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
way round this would be to get the MD5 value of the exe, and then every time you went to use it, re-MD5 it and compare, if it has changed, then so had the exe. Not very practical though, and any automated version could also be hacked (although thinking about it so could your MD5 program).
Having a signed executable (which John is gradually implementing throughout the suite) will add another level of reliability to that sort of check. Not only does validating a signature check the hash (probably MD5 or SHA, sometimes both), it also checks the certificate. If an altered version of the executable has been put on the drive, it would either not have a signature, or the signature would be invalid, or it would have a signature that differs a lot from John's. (Yes, the MD5 hash would likely change too, but you'd need to have an external, secure copy of the correct MD5 hashes to compare them too. Not a bad idea, actually. Microsoft has a utility called file checksum integrity validitor that can create a list of hashes you can store somewhere safe, and can compare files to those hashes for a check.) If the signature is not valid, the operating system should raise a warning when you try to run it (assuming the OS hasn't been compromised.)
Sysinternals has a program that can go through a drive and list all the executables that don't have valid signatures.
Of course if the machine has been compromised, it could be programmed to show a valid signature from John even if there wasn't one. But that would be fairly difficult, and besides you'd probably be checking it on another machine (e.g. when you got back home).
Of course, if you suspect your drive has been compromised (or, rather, unless you can prove that your drive has not been compromised, which is fairly difficult) it might be better to just reinstall the suite from scratch and restore from a backup.
I don't think the KeePass executable itself has a signature at present, which is unfortunate. KeePassPortable will likely get a signature the next time John releases it.
MC
..reminded me of this it did :
Integrity Checker (v2.0); includes full source
Integrity Checker is a straightforward application that checks the integrity of your files to ensure they have not been tampered with.
The files you select for protection will have their "known good" size stored together with either a hash or HMAC (user selectable) generated from the contents of each file. By comparing this information with what is actually stored on your drives later, any changes will be flagged up for your attention.
Download it from the site ( have a look at the other tools while your there )
http://www.sdean12.org/
There are many programs that someone can download and install in your computer to get your passwords (ie. keyloggers) without having to go through the trouble of re-writing code and re-compiling a program. In fact, sourceforge has an open-source app that can log every key pressed, every mouse click, it can take screenshots every 15 minutes and email all the information to an email of your choice. The creators market it as a way to keep an eye on what your kids are doing, but we all know the real way to use it.
"In three words I can sum up everything I've learned about life: it goes on." -- Robert Frost
"In three words I can sum up everything I've learned about life: baby ain't mine." -- Adam Holguin
In fact, sourceforge has an open-source app that can log every key pressed, every mouse click, it can take screenshots every 15 minutes and email all the information to an email of your choice.
-
Can you gimme the program name?
To be honest with you, I don't remember the name of it. I know that about a year ago I downloaded it to try it out, but never used it and just got rid of it.
"In three words I can sum up everything I've learned about life: it goes on." -- Robert Frost
"In three words I can sum up everything I've learned about life: baby ain't mine." -- Adam Holguin
btw... thanks
A partial solution would be to at least prevent people from accessing the disk when it is not in use (eg in my bag).
For example the U3 platform allows for a password to be set to lock the disk.
This way I would not have to watch it 24/7. It is only at risk when unlocked in a pc.
Does something like this exists for non U3 disks? I heard about TrueCrypt but that requires admin rights on the host pc.
Even nicer would it be to write protect some areas of the disk so that the host pc can not write to them without your knowledge/consent.
This way the security hole is only there when getting coffee and leaving the disk in an UNLOCKED pc (removing it would lock it).
An comments?
U3 doesn't really lock anything other than the U3 launchpad, the drive is still accessible. They just put that there to make you think you are secure.
Without getting into the whole encryption vs non-encryption debate, U3 Does Lock Out access to the writeable partition, not "just" the Launchpad. If you eject the drive you cannot get back into the data partition without the password unless you reset the drive.
If you reset the drive and wipe out the information on the writeable partition the question of whether or not the deleted data can be recovered then comes into play.
But your statements above are just incorrect and misleading.
Respectfully,
Tim
Things have got to get better, they can't get worse, or can they?
My bad. I misunderstood then. Thanks for enlightening me.
If you don't have admin access to the machine, then you can't even reliably scan it for keyloggers, trojans, worms, viruses, or any other malware.
Basically, if you can't -trust- the PC you're sitting at, then you take a risk by just plugging your USB drive in.
Equally, you would be taking a risk by even -typing- a password from memory on such a machine - it is all about how big a risk it is, and whether you're prepared to take it.
Personally, I use portableapps between PCs that I control, at work, at home, and at friends / family members, but then, I'm involved in securing and protecting those PCs too, so I know what I'm risking or not.... and I still wouldn't use internet banking anywhere but my -own- PC, unless I thoroughly checked out the machine for myself first.
I don't think the situation above would work.
The other person is not going to be able to replace your password (unless you told him). You won't be able to use KP.
James
I'm sorry, but the thought that "because it's open source means someone could rewrite the code and that makes it a security risk" is just ridiculous. I just read an article from I believe it was the Washington Post on how Google's Android was going to be sooo infested with viruses because OH MY GOSH THE HACKERS CAN REWRITE THE SOURCE CODE!!! In either case, implementing the attack would require physical access to the device in question, in which case there is almost NOTHING that can be done to protect your data against any and all attacks. Honestly, if you're going to be worrying about security threats, this is like fortifying a castle's basements to keep the enemy from tunneling in when the front door is wide open (ok, so maybe the door isn't wide open, but that's why hackers go through the "back door" ...you are, as I said, referring here to the basement). My point being, if someone is going to try to get your password, they are going to target a larger group of people than KeePass users. That's why Internet Explorer is, in the history of computing, the most exploited software in existence. Trying to extract passwords in the fashion you described is a whole lot of work for a very small target, and probably a proportionately small return. Targeting, say FireFox Portable to transmit the passwords that it saves would hit a larger number of people for the amount of work it would take. There is no such thing as a secure networked computer, but paranoia over misconceptions about the implications of an open code base are not helpful either.
Quamquam omniam nescio, nec nihil scio.