Password Manager KeeFarce’s Source Code Posted Online

Denis Andzakovic, who is attached to Security-Assessment.com a security consultancy based in New Zealand as a researcher and besides is a hacker too, recently published KeeFarce's source code on the Internet. It may be noted that KeeFarce is certain tool to transmit the entire data saved inside an end-user's password manager of KeePass. Help Net Security reported this in news on November 3, 2015.

When end-user accesses the KeeFarce software online, only then the tool functions as it should. Incidentally, it utilizes one classic hacking method known as Dynamic Link Library insertion that so puzzles KeePass that it transmits all plaintext password data in one .CSV (comma separated values) file that is then exported onto a spreadsheet. There is no need for KeeFarce to keep knowledge of master password of KeePass, while also need not decrypt the database of stored passwords.

The tool's purpose is to help penetration testers, a kind of security consultants that organizations rent in for examining if it's sufficiently difficult to hack computers on the organization's PC network.

Earlier KeePass creators stated that the tool couldn't safeguard itself from spying software when any PC was compromised, referring to an old saying that when any con artist managed planting his malware on an end-user's PC, the PC no longer belonged to that end-user. It is probable that any different password manager may get hijacked via the same manner only if the end-user continues to be logged in because of the password manager under target.

Obviously, infections from KeeFarce else from any malicious software can be avoided if end-users' computers remain continuously updated, protected from AV solutions while no attacker may physically access the systems. Moreover, in case password managers are used, end-users require setting the time which would limit the period they can stay logged in within those managers.

There is no doubt that KeeFarce would revive an old criticism that failure of password managers results in one-stop destination by the managers for hackers in acquiring each password of a target. Again undoubtedly, password managers are an example of one lone instance of failure which can prove disastrous.

» SPAMfighter News - 11/10/2015