German magazine c't article about security

lemonstre
lemonstre
Community Member
The last c't (a big german IT-Magazin http://www.heise.de/ct/) writes in the newest issue that there might be a security attac on 1Password found by Thomas Roth.

Google found this Twitter Feed about it ->

Can you explain what is going on here and if it is really possible to read out unencrypted passwords from ram.

Thanks
Andreas

Comments

  • khad
    khad
    1Password Alumni
    I'm not aware of all the details, but Thomas Roth himself stated that there is not a vulnerability in 1Password:

    Twitter___StackSmashing__%401Password_%28To_anyone_reading_...-20130114-190909.png



    Do you have a link to the article? My German is not very good, so I wasn't able to find it by clicking randomly on links on the c't home page. :)
  • lemonstre
    lemonstre
    Community Member
    edited January 2013
    Thank you for the quick reply and the clearing words.
    The article is right now only availiable in print an get online after the new issue is released. I've send you a full scan via forum message.

    I have translated the relevant part about 1Password (sorry for my english):
    Thomas Roth by Leveldown Security analyzed recently a malware sample that
    fishes 1Password users plaintext passwords from memory.

    It would be nice to know how the user can protect himself from this potential hack.
  • jpgoldberg
    jpgoldberg
    1Password Alumni
    Hi lemonstre,

    Now that the article is published, I'm hoping we can get more information about it.

    Earlier Thomas told us that there is a "lame" attack on 1Password and posed no threat, but he wasn't able to give us details at that time.

    I have my own private speculations about what it might be, but let me try to find out actual facts instead of speculating.

    Cheers,


    -j

    –-
    Jeffrey Goldberg
    Chief Defender Against the Dark Arts @ AgileBits
    http://agilebits.com
This discussion has been closed.