
Thank you for buying via links and ads on this site,
which earn me advertising fees or commissions.
As an Amazon Associate I earn from qualifying purchases.

Don’t Assume that a Password Manager is Safe, Auto-Fill for Passwords is a Bad Idea

Security expert Bruce Schneier posted some good info on password managers.

Security is often a trade-off with convenience, and most password managers automatically fill in passwords on browser pages. This turns out to be a difficult thing to do securely, and opens up password managers to attack.

My own password manager, Password Safe, wasn't mentioned in either of these papers. I specifically designed it not to automatically fill. I specifically designed it to be a standalone application. The fast way to transfer a password from Password Safe to a browser page is by using the operating system's cut and paste commands. I still recommend using a password manager, simply because it allows you to choose longer and stronger passwords.

MPG agrees completely that use of a password manager is a big step up in security for most users, because password quality goes way up—relieving the user of the need to think up new and relatively weak passwords and/or struggle with strong but difficult and hard to remember passwords.

I don’t know if Apple Safari Auto Fill is secure or not. Or, if secure, whether it will stay secure. But this is how I configure Safari.

Apple Safari auto-fill username and password
Is it safe? You never know, and so it is never a good idea.

Auto fill for passwords = risky in general

Free WiFi might be far more costly than you think.

From Password Managers: Attacks and Defenses. Emphasis added. There are many more critical details, but the main point is that autofill is a dubious idea subject to many risks, and the extent of those risks varies by browser and password manager.

As a warm-up we present one example here. Consider web sites that serve a login page over HTTP, but submit the user’s password over HTTPS (a setup intended to prevent an eavesdropper from reading the password but actually leaves the site vulnerable).

Suppose a user, Alice, uses a password manager to save her passwords for these sites. At some point later, Alice connects to a rogue WiFi router at a coffee shop. Her browser is directed to a landing page that asks her to agree to the terms of service, as is common in free WiFi hotspots. Unbeknownst to Alice, the landing page contains multiple invisible iFrames pointing to the login pages of the websites for which Alice has saved passwords. When the browser loads these iFrames, the rogue router injects JavaScript into each page and extracts the passwords auto-filled by the password manager.

This simple attack, without any interaction with the user, can automatically extract passwords from the password manager at a rate of about ten passwords per second. Six of the ten password managers we examined were vulnerable to this attack.

From the user’s point of view, she simply visited the landing page of a free WiFi hotspot. There is no visual indication that password extraction is taking place.
...
Chrome (all platforms) is the only automatic autofill password manager that is not vulnerable to the iFrame-based attack, because they never automatically autofill passwords in iFrames. All the other automatic autofill password managers are vulnerable to this attack. Even though the autofill policies of Norton IdentitySafe, Safari, Mobile Safari, and LastPass Tab described in Section 2.2 restrict the number of passwords that can be stolen in a single sweep to 1, they remain vulnerable.

Password sync across devices (e.g. desktop computer and iPad/iPhone) is a risky thing too, for reasons the paper discusses.

We disclosed our results to the password manager vendors, prompting several changes to autofill policies. Due to our findings, LastPass will no longer automatically autofill password fields in iFrames, and 1Password will no longer offer to fill passwords from HTTPS pages on HTTP pages.
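
The autofill restrictions named in these excerpts, written out as one gate a password manager could apply before filling. This is an added example, not code from the paper or from any of the products mentioned; the function name, the field names and the origin-match rule are assumptions.

```javascript
// Hypothetical autofill gate encoding the defenses the excerpts describe.
// saved: { origin }           origin where the password was stored
// ctx:   { pageUrl, framed }  page asking for a fill, and whether it is in a frame
function autofillDecision(saved, ctx) {
  const page = new URL(ctx.pageUrl);
  const savedOrigin = new URL(saved.origin);
  const reasons = [];

  // Chrome's policy in the excerpt, later adopted by LastPass:
  // never fill a password field that lives inside an iFrame.
  if (ctx.framed) reasons.push("framed");

  // A login page served over HTTP can be modified in transit, so script on
  // it can read whatever gets filled, even when the form posts to HTTPS.
  if (page.protocol !== "https:") reasons.push("page-not-https");

  // 1Password's change in the excerpt: a password saved on an HTTPS page
  // is not offered on an HTTP page.
  if (savedOrigin.protocol === "https:" && page.protocol === "http:") {
    reasons.push("scheme-downgrade");
  }

  // Assumption added here: scheme, host and port must match the saved origin.
  if (page.origin !== savedOrigin.origin) reasons.push("origin-mismatch");

  return { fill: reasons.length === 0, reasons };
}

// Constructed sample contexts; every URL is a placeholder.
const saved = { origin: "https://mail.example" };
const samples = {
  topLevelHttps: { pageUrl: "https://mail.example/login", framed: false },
  hiddenFrame: { pageUrl: "http://mail.example/login", framed: true },
  httpLogin: { pageUrl: "http://mail.example/login", framed: false },
  framedHttps: { pageUrl: "https://mail.example/login", framed: true },
};

for (const [name, ctx] of Object.entries(samples)) {
  const d = autofillDecision(saved, ctx);
  console.log(name, d.fill ? "fill" : "refuse", d.reasons.join(","));
}
```

Only the top-level HTTPS page on the saved origin is filled; the hotspot scenario from the excerpt (an HTTP login page loaded in a hidden frame) is refused on every rule at once.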

Emperor’s new Password manager

A video explaining some vulnerabilities. Again, auto-fill is a bad idea, but there is more than that.

Copyright © 2020 diglloyd Inc, all rights reserved.