News & Vacancies

Welcome to the Microtechs information portal. Here you can see the latest news and read through our current vacancies.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Login
    Login Login form

Password managers vulnerable to insider hacking

Posted by on in Latest Microtechs news posts
  • Font size: Larger Smaller
  • Hits: 196
  • 0 Comments
  • Subscribe to this entry
  • Print

b2ap3_thumbnail_password-managers.JPG

A new study shows that communication channels between different parts and pieces of computer software are prone to security breaches.

Researchers from Aalto University and the University of Helsinki have found over ten computer security-critical applications that are vulnerable to insider attacks. Most of the vulnerabilities were found in password managers used by millions of people to store their login credentials. Several other applications were found to be similarly susceptible to attacks and breaches across the Windows, macOS and Linux operating systems.

Computer software often starts multiple processes to perform different tasks. For example, a password manager typically has two parts: a password vault and an extension to an internet browser, which both run as separate processes on the same computer.

To exchange data, these processes use a mechanism called inter-process communication (IPC), which remains within the confines of the computer and does not send information to an outside network. For this reason, IPC has traditionally been considered secure. However, the software needs to protect its internal communication from other processes running on the same computer. Otherwise, malicious processes started by other users could access the data in the IPC communication channel.

'Many security-critical applications, including several password managers, do not properly protect the IPC channel. This means that other users' processes running on a shared computer may access the communication channel and potentially steal users' credentials,' explains Thanh Bui, a doctoral candidate at Aalto University.

While PCs are often thought to be personal, it is not uncommon that several people have access to the same machine. Large companies typically have a centralized identity and access management system that allows employees to log into any company computer. In these scenarios, it is possible for anyone in the company to launch attacks. An attacker can also log in to the computer as a guest or connect remotely, if these features are enabled.

'The number of vulnerable applications shows that software developers often overlook the security problems related to inter-process communication. Developers may not understand the security properties of different IPC methods, or they place too much trust in software and applications that run locally. Both explanations are worrisome,' says Markku Antikainen, a post-doctoral researcher at the University of Helsinki.

Following responsible disclosure, the researchers have reported the detected vulnerabilities to the respective vendors, which have taken steps to prevent the attacks. The research was done partly in co-operation with F-Secure, a Finnish cyber-security company.

The research will be presented at the DEFCON security conference on August 12, 2018, and at the Usenix Security conference on August 17, 2018.

Story Source:

Materials provided by Aalto University. Note: Content may be edited for style and length.

Aalto University. "Password managers vulnerable to insider hacking: A new study shows that communication channels between different parts and pieces of computer software are prone to security breaches.." ScienceDaily. ScienceDaily, 15 August 2018. <www.sciencedaily.com/releases/2018/08/180815102906.htm>.

Image: Shutterstock

Microtechs 24/7 White label support services

With Microtechs outsourced UK remote support services you can focus on managing relationships and delivering your core business. Manned 24/7 by fully trained technical staff in Surrey, your customers will receive a personal answer to any support issue raised, at any time of the day or night.

             Are you a IT / Telecoms / Software provider with an expanding customer base?

             Are you spending so much time on IT support that you struggle to develop new clients?

             Are you struggling to find and retain the right support team members?

             Need to cover extended hours easily?

             Had a poor experience outsourcing offshore?

             Looking to increase your customers up-time?

             Need to reduce your costs and lower overheads by as much as 40%?

Our client-specific 1st and 2nd line teams can monitor your servers and support queue (email, alert or phone) 24/7 or just as overflow. When a new incident comes in, we work to resolve the issue and respond to your customers through phone or your support system, thereby maintaining 100% transparent support. This includes 3rd party escalations and incident management.

As a white label managed service provider, we operate as an extension of you, so your customers will be thanking you for the expert service they receive, the peace of mind you bring and the additional value you have added to their business.

             Fully inclusive services with an average 80% resolution rate

             15 minute NOC response times

             80% of telephone calls answered within 60 seconds

             Completely white labelled to your brand / customers brands

             Desktop / Network / O365 / Mac / Telecoms / Bespoke software / Wi-Fi

             Pricing from £500 per month

If you need overflow during the day or a whole support desk from inception or just some monitoring services overnight, please drop us an email or give us a call.

Please contact us for further information on 01483 407417.

0

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest
Guest Tuesday, 23 October 2018

DID YOU KNOW?

We help over 14,000 customers a month through our IT support centre in Guildford, Surrey

Microtechs monitor over 10,000 servers, access points and routers 24 hours a day, 7 days a week and answer well over 14,000 support calls a month.

Each and every client is just as important to us, whether you have 1 or 5000 computers or users. Our exceptional team provides the highest level of service to every single caller.

 

CONTACT US

Our business truly is 24/7, We operate entirely out of this office using our own staff.

Microtechs Head Office

Microtechs Ltd
Sussex House
11 The Pines
Broad Street
Guildford
GU3 3BH  

T: +44 (0) 1483 407400
Einfo@microtechs.co.uk

Alternatively, please use our Contact Us Form

 

WE'RE TWEETING

OUR COMPANY

Our Commitment to you

We are family run with all of our business based within the UK. We will only ever use UK staff and offices to provide our products and services to you.

Microtechs provide a variety of outsourcing solutions for individuals and businesses, whether its for 24/7 Helpdesk Services, Nationwide Engineer Coverage or IT Support.

button