Any views on using KeePass 1.x (Classic) vs 2.x (Pro)? I am tempted to use the Classic version available via PortableApps.com. Also, would it integrate with the KeeFox add-on?
http://keepass.info/compare.html I really don't see the point of using the Classic edition. Remember to use KeePass 2 with Secure Desktop for Master password and Auto-type obfuscation.
Why? All this "protects" against is locally running malware. But once malware has reached that point, it's game over anyway. See https://blogs.technet.microsoft.com/rhalbheer/2011/06/16/ten-immutable-laws-of-security-version-2-0/
I guess they keep it alive because it does not require .NET Framework, which is being used by malware just like PowerShell. Whether it is worth it is up to the user. Because it might prevent the stupid malware from getting your real password. AVs have problems detecting zero-day malware, but this method gives at least some protection against them.
http://keepass.info/help/kb/sec_desk.html AND: http://keepass.info/help/v2/autotype_obfuscation.html This is perfect? No. But does it bring me any disadvantages to use? Neither. As I don't have any incompatibility issues using these options, I don't see why I wouldn't use them.
Is there any reason why one should use that add-on at all considering that auto-type works very well? I for my part don't miss it.
I don't use the plugin either. Using a plugin can be "more convenient" for some people (automatic login, etc.), but using Auto-type ("Perform Auto-Type - Ctrl+V") is sufficient and works well.
Yes, of course, but I personally use only one PC, and never log in to important sites on other PCs. But we all know that browsers aren't really that safe for storing passwords; malware can easily steal and decrypt passwords. A simple password manager like RoboForm should have been implemented by browser makers long ago.
A couple of new LastPass exploits: one that works only in FF and another for any browser/platform. You have to go back a few days to see the 1st exploit. https://twitter.com/taviso/with_replies
Remote Code Execution is possible if the Binary Component of LastPass is installed; otherwise it can steal passwords. The previous exploit (March 16) is affecting the LastPass add-on for Firefox (v3.3.2). LastPass answered (or: "twittered"), and they are working on a fix.
Current LastPass add-on for Firefox is v4.1.35a so I wonder why v3.3.2 is being offered in Mozilla's add-on library?
LastPass will fix these quickly. They run a pretty secure ship. Ormandy provides a great service to various software companies, through Google free of charge.
They have already fixed the issue. If you follow Ormandy on Twitter you can see he finds exploits in a lot of software. LastPass fixes these really quickly. Some companies like Comodo just ignore the exploits.
All software has bugs. LastPass is very good about fixing them. I would not dump them based on anything I have seen here.
Oh I know. It's just not the first time I've heard about issues with them. If it's been patched, I will hang tight for now.