Are password managers a security risk? Employees should not use them in the offices.
Ryan Cox
The database where your passwords are saved is the real threat. I use a db in keepass format and store it in a pendrive, the password manager I use is kpcli.
Adam Hernandez
Yay! Good work, user, I have missed this thread.
Adrian Nguyen
Doing a CTF walkthrough for youtube (hoping to help build my resume) any tips to make it a good walkthrough? I'm going to explain all the tools used etc
Henry Wilson
I just recently knew about the cyborg manifesto, pretty cool statement. Damn, the 80's sure were crazy times.
Carson Campbell
=== /cyb/ News - for the world is more cyberpunk than ever. Transhumanists are obviously not dead yet, not even by their own hands...
>Would you hack your own body? bbc.com/news/technology-42887405 >For some, transhumanism - the theory that the human race can evolve beyond its physical and mental limitations with the help of technology - is a crucial part of the advancement of society.
Also Lepht Anonym is featured here,
Samuel Collins
For some reason /sci/ thinks transhumanism is only about cyborgs and antagonizes genemodding.
Jaxon Carter
Long live Lepht Anonym, I remember when she posted here!
Connor Campbell
i thought mods were deleting these threads?
Levi Adams
They have long been associated with cyberpunk. My impression is that they have become a lot more low profile the last 5 years or so.
So did I. And we are not in the clear yet (youtu.be/JLf9q36UsBk) I think it is a rogue janitor from the last intake. Also notable is that the /hackerman/ generals have been left alone.
I beat bandit and got to level 2 on leviathan but I feel like I hit a wall. I come from linux network shit rather than cs n that I should buy a book to get there
Suggestions? I'm thinking The C Programming Language or Compilers: Principles, Techniques, and Tools idk
Joseph Martin
>Are password managers a security risk? Yes. You don't know the source or of you do you don't know if the compiler is true or rigged and even if both are in the clear a third program can get hold of the data file and upload it to servers that will crack the encryption that also can have back doors.
Lucas Wood
obviously Compilers: Principles, Techniques, and Tools
Jace Jackson
A last video bump for the night, from a futuristic dystopia with fashion in alignment: youtu.be/IGSlKydvtbU
Jose Davis
>you don't know if the compiler is true or rigged I'm sure the man hacked the guys writing your password manager so they could insert a ken thomson hack into the compiler.
> a third program can get hold of the data file and upload it to servers that will crack the encryption that also can have back doors.
I'm sure whoever has the backdoor to AES has better things to do than find your pornhub password.
That said for your password manager protects you against 1. weak passwords 2. the site you used your password on being hacked and your weak password being reused
1 + 2 are regular risks.
Where your password manager is under attack: 1. Its an online password manager and hackers see it as a loot pinata 2. Your computer or where ever you store the password DB is compromised.
In the case of 2 your already fucked because even if you memorize 64 character passwords you have a keylogger or cred stealer waiting for you to use your PW or decrypt the PW DB.
TLDR: Using a password manager isn't increasing your threat vector because if they have access to it your already fucked. Its decreasing your threat vector if its eliminating password reuse(big one!) or weak passwords (lawl under 32chars) .
Michael Harris
I'm not sure how to handle passwords. I ditched LastPass and have been using KeePass. I carry around a thumb drive with a database on it, the database is also on my phone, and I have another thumb drive in a safe for backup. I just sync up my database manually. I'm not sure if I'm retarded or not.
Nathaniel Richardson
you're doing better than most folks
Ian White
>I'm sure the man hacked the guys writing your password manager so they could insert a ken thomson hack into the compiler. Alphabet agencies have pulled off some impressive stuff to the point where one should never ever make any assumptions.
>I'm sure whoever has the backdoor to AES has better things to do than find your pornhub password. That was old style logic. These days it is all about running a massive dragnet across the entire net and catch anything and everything in case it might be useful later. Like finding your pornhub password is also used for your nuclear weapons.
Lucas Phillips
I just use kpcli that is perl script and very transparent to audit. I know some password managers are risky and that is why I stay away from keepass2 and its .NET threat but keepassx, keepassxc and keepassc now exists. Also listen to both these fellas they both have good points. Above all dont use an online password manager, that is looking for trouble.
You are doing well, I would argue that storing the database in your phone is not a good idea and you should use the thumb drive connected through the USB or OTG your phone has only when you need it, like you do in your other computers. But mostly you are doing well.
Grayson Morgan
I guess this is /sec/ related, currently in a program for informatics and security
I wanted to ask anons what jobs and positions there are other than muh security analyst wage slavery and how to make a good living after finishing school
