The Man-In-The-Middle Attack Against a Certain Password Manager

Time: 11:45 AM - 12:30 PM

How many sites do you use? Is the password long enough and secure? Do not tell me you reused it. Unfortunately, our memory is not good enough to remember so many long and secure passwords. For this reason, several companies provide password management applications. However, are they really secure?

I have executed a man-in-the-middle attack against a certain password management application. Surprisingly, the password was exchanged in plain text between the .exe and the .dll, and it was very easy to steal it. The program I created is generic and, under certain conditions, can steal information exchanged between any .exe and .dll in Windows. In this talk, I will demonstrate the actual attack and provide technical explanations of what enables it. Finally, I will suggest ways to protect other apps from this attack.

Soya Aoyama

Soya Aoyama is a security researcher at Fujitsu System Integration Laboratories Limited. Soya has been working for Fujitsu for more than 20 years as a Windows software developer, and has developed NDIS drivers, Bluetooth profiles, Winsock applications, and more. About four years ago, Soya started security research, and has given presentations at BSidesLV, GrrCON, ToorCon, DerbyCon and HackMiami. Soya is also the organizer of BSides Tokyo.