Limitations: Attacker must have full access 1:20 Dude! If attacker already has full access then you are already .....

@erce1000

3 жыл бұрын

I agree with that. If they have access of course they could do mostly anything

@collinsinfosec

3 жыл бұрын

It's about limiting the attack surface. If an attacker were to get access to your device, they could encrypt your files - I would agree. But they could also get your passwords as well - if stored in a browser.

@lokeshkoliparthi9268

3 жыл бұрын

@@collinsinfosec if attacker can get physical access or fully remote access(can control input/output) to computer then they could just export passwords to a file without need of any kind of scripts.

@TimeoutMegagameplays

3 жыл бұрын

@@lokeshkoliparthi9268 If you are using a password manager the hacker would still have to keylog you master password, and would need access to your 2FA (which I really hope you are using), so the passwords are still safe.

@nishantgupta1854

3 жыл бұрын

wow haha

Keyloggers. Never type on your keyboard, here's why. Limitation: Physical access. Spyware. Never speak into your microphone, here's why. Limitation: Physical access. Spyware. Never use the monitor to view your data, here's why. Limitation: Physical access.

@thedoublehelix5661

3 жыл бұрын

Lmfao

@nirupamaroy2313

2 жыл бұрын

Never use a computer Limitation physical access

@theepicduck6922

6 күн бұрын

Use your psychic connection to the internet like an expert of course.

if someone has access to the device its already compromised or encrypt your device. this video is kind of misleading.

@erce1000

3 жыл бұрын

I agree

@rahuldora1587

3 жыл бұрын

Yeah you are right.

@adityaj7664

3 жыл бұрын

Yeah!

@alvinxyz7419

3 жыл бұрын

clickbait right

@TimeoutMegagameplays

3 жыл бұрын

Still, if he's using a password manager and notices that the machine has been for instance backdoored, he can simply format completely and reinstall the system, as long as he doesn't access his passwords from his password manager it's still safe, so it's still better than having it on the browser.

Good thing I have my passwords on a word document.

@pixums

3 жыл бұрын

even worse..

@rakeshchowdhury202

3 жыл бұрын

If it's inside a veracrypt vault

@siriusleto3758

3 жыл бұрын

Bad ideia. If you have been infected you cannot escape. It is even easier to read a word document, as you don't need to decrypt it, you don't need to use specific software.

@siriusleto3758

3 жыл бұрын

@EnergySandwich Maybe. I've met someone who backed up the file in the Windows recycle bin.

@calebpersonal9987

3 жыл бұрын

All fun and games till you get ratted and someone downloads that file

On firefox, if you have remote or physical access to the machine, you can just go in the security settings to check the saved usernames and passwords... no need to use any script for that lol (dunno about chrome) Honestly, if you got someone with ill intention having access to your PC, you're fucked and that's it.

@BobbyPhoenix

3 жыл бұрын

Exactly this. At least he started the video by saying you need 100% full control of the computer. Well yeah if you have that you can do much more stuff than just steal passwords for my browser. That's like saying don't leave your wallet on your kitchen table as you should lock it in the safe behind a picture in the wall, but that's because if someone ever gets 100% full access to your house either by key or breaking in they can steal all your information you have in your wallet. No duh.

@afisap6969

3 жыл бұрын

But, in firefox you can create master password to prevent it

@siriusleto3758

3 жыл бұрын

Chrome too. Just use the same Windows password you used when physically hacking your computer and ready, all browser passwords will be shown.

@soltanayarix428

Жыл бұрын

but bro, python script and linux tools works automaticly and easy

@estebanod

Жыл бұрын

On chrome you need to use the pc password to access the passwords

If you are afraid of using password managers.. consider using them but store partial passwords. What I mean by that is that you simply add or subtract a special sauce that only you know about. By doing so, credentials stored in a password manager will never be sufficient to login so they become useless for everyone else that might get a hold of them.

@fearless6947

11 ай бұрын

What Swedownhill means is, save the password that google password manager gives you (SAVE it). An example could be on your amazon account. Recreate a new password on your amazon account but, this time, use the same password and add words or letters to the password (this time do NOT save it in google password manager). Everytime you log in, just add an extra word to it.

@SweDownhill

11 ай бұрын

@@fearless6947 Actually no, that's not what I meant. Here's a better example: Lets say you generate a password of abc123def456, where/how it was generated doesn't really matter. You can then choose to store that exact password in a password manager. If the vault were to be compromised then the hacker would have access to that password/service. However, if you generate the above password, store it in the vault and then add your own special sauce outside of the vault. Then you, and only you would have access to the actual password. To further elaborate on this idea, let's create a few examples: Generated password stored in vault: abc123def456 Always subtract 2 letters: abc123def4 Always add QZ to every password: abc123def456QZ Etc. If you generate another password: qwerty987, then the same logic would be to store that in the vault, and then the actual password would be either qwerty9 or qwerty987QZ depending on the special sauce that was chosen. Of course, you should come up with your own system. These are just for demo purposes.

@4lpina

9 ай бұрын

I am not sure how much this would help. If you are using the same system for all your passwords (otherwise what's the point), at some point some crappy website leaks your password and hackers can see your 'sauce' you used for all your password. Essentially you can never really trust this 'sauce' since chances it will leak at some point if you use it for many websites.

@charliee5970

6 ай бұрын

@@SweDownhillNever thought of that, that's good!

@charliee5970

6 ай бұрын

@@4lpina His idea isn't addressing your situation you gave. In your example literally nothing would help protect your password.

Your content is advanced and refreshing. Very helpful. 👍

i audibly let out a sigh of frustration because i know youre right but im too lazy to put effort into remembering my passwords >:(

@collinsinfosec

3 жыл бұрын

Convenience vs Security is always dilemma 😂 Sometimes you have to choose, sometimes you have to meet in the middle.

@DiekiKondrael

3 жыл бұрын

Remembering your passwords is a worse idea than storing them in the browser. Anyone that can extract passwords from Chrome's storage can also log your keystrokes as you type the password in. Plus, relying on memory to store passwords leads to password reuse, which is a far bigger problem.

@092_deepak_kumar3

3 жыл бұрын

Use Bitwarden

@dashy324

3 жыл бұрын

Use a password manager

@ko-Daegu

3 жыл бұрын

@@dashy324 Yes + 2FA

Alternate title: How to get your parent’s Amazon password for Vbux

@unverified-user

2 жыл бұрын

Bobux

Grant thank you. Your content is always excellent!!

Cool..Thats a great tip Thanks man😅😅

Great explaining.

currently using bitwarden with the chrome extension. Is the extension okay to use security wise?

@erce1000

3 жыл бұрын

Yeah, good question.

@collinsinfosec

3 жыл бұрын

Good question. I haven't personally used BitWarden. I would say yes. Best possible solution would probably be a local password management such as KeePass.

@kareemschultz

3 жыл бұрын

@@collinsinfosec Bitwarden also has a self hosted version and its code is visible for everyone to see and inspect as oppose to some other password mangers

Hhhhhh good luck for a hacker to get a full remote control of my laptop

@kgaming7599

3 жыл бұрын

ikr

@Nerd2Ninja

3 жыл бұрын

The laptop would be easier than a desktop to get full remote access to assuming you ever connect it to wifi

@Hello_am_Mr_Jello

3 жыл бұрын

hhhh dahka mrokia

@tyrellwreleck4226

3 жыл бұрын

Even modern routers have firewall protection against modern attacks.

@Synceditxboxoffice

3 жыл бұрын

if you are connected to internet via Ethernet or WiFi doesn't matter that cause someone will connect to the network or more likely hacker will connect to your router and then hack all the devices connected to that particular router he will poison it and boom he will have all the thingssss lolx

Is it the same problem if you use your password manager as an extension in your browser? That seems to be the only solution for autofill, but I always wonder if it leaves your data clear out in the open after you've unlocked it.

@Euronius

10 ай бұрын

Apparently if you store your passwords with Keepass 2, it has an autofill feature where you just tab into Keepas, press Paste (Ctrl + V) and it will autofill the username AND password for you on the webpage. I just found this out today. Might actually use it solely for this one, neat feature.

Hi grant can you make a video on programming in security and if OOP is needed for security

Great video Thank you fro telling

It’s kinda hard to get direct access to a Linux machine these days lol. Also, half of these vulnerabilities have been patched, and continue to get patched.

Use password managers! I recommend bitwarden

If i have someone else windows password, i will simply open chrome, head to password and browser will ask the windows password again and will simply put it there as well and see/copy password. Using browsers to save password is not insecure but you have to be secure enough not to have anything let your pc or browser access it.

@faithfulojebiyi

3 жыл бұрын

It's just the same as someone having the password to your password manger fam

I don't know why, you just suggesting to use password manager. As mention kevin mitnick or edward snowden, I forgot who say that "you don't use password manager" its just pushed you to out from scure password and just collecting your password to be generic password

Can I save passwords in my Google account only? Not in any browser. I have to save passwords in my Google account only because I can't remember all passwords from all website. Can you give me possible way to solve that problem?

A friend got hacked and the hacker sent me an exe that I foolishly opened. He got all of my chrome passwords. He must have used the project tool described here to get my chrome passwords. I checked for any suspicious incoming established connections and my anti virus/operating system is picking up nothing. Should I still be concerned after changing my passwords? I am using a VPN but I'm not sure if that did anything in this situation.

Hey what things can cause someone get access to control ur system ? Someone tried to log into my fb I’m sure they got the password from my pc bit idk how they keep getting access to it

This makes no sense. Attackers can also end emails from your account and gain access to your bank account... if they have access to your account.

How are they going to get access to my machine. Also all my passwords are linked to a G-mail account that has a backup account in my service provider and also a phone contact so finding my password to IG or Tik Tok would be pretty temporary. I am a bit worried about when I do sign up for online banking as I don't believe banks are that bright generally and I'm a bit leary of PayPal too although they may be smarter than the bank in matters of IT and Security.

Time to time chrome has fixed the patch effectively , no need to worry about security issue its just info video

Thanks

1. Close your remote access if not necessary. 2. Do not use unsafe public networks if your machine is remotely accessable.

@OfficialDigitalMishra

Жыл бұрын

Agree! Lots of Tricks to fetch ur browser password

I have done this on the past :(

How safe would saving passwords in a .png file be? Just open it with notepad.

thanks

Glad i have my own software for storing these

@B14ckFoot

2 жыл бұрын

whoa teach me

I learned it from the hard way. My accounts linked through google Password manager, including my Google account, got compromised by a phishing auto token grabber. I am also learning Security Awareness and all browsers create a specific encrypted file with ALL passwords with jumbled text. With that file, they can use a cracker to get every single email and password in just a click. It is absolutely unacceptable. You are best just making your own strong password and write it in a small journal/composition book.

I know I asked this question before but do you know anything about cryptography? Just curious

@collinsinfosec

3 жыл бұрын

I do know the basics of cryptography, but I am not well-versed in the area of how the algorithm actually works or was developed from the mathematical perspective (math probability, etc).

After some here and there I am able to decrypt the password saved by chrome which is above chrome version 80.

Can browser extensions steal saved passwords from the browser?

Thank you thank you thank you, finally I convence my family to stopped this practice

Is it safe to save in password managers like bitwarden,dashlane etc

@livedreamsg

3 жыл бұрын

Yes. Bitwarden encrypts end to end.

But is it applied to mobile devices also?

USEFUL VIDEO

@MalumFashEntertainment

3 жыл бұрын

No. It's misleading

can fond someone anther pc or laptop browser history

Did u edit this video in linux?

Thanks man👍🏻

So, in conclusion, really, saving your passwords in your browser is fine just as long as you keep everything updated, and you keep your network and home OS secure from RATs exploiting backdoors.

i didn't even stored my passwords in browser but because of malware they take away all login details of the accounts which i logged in the browser like insta,fb,youtube and google account...........even the 2 key factor authentication is on still they hacked my accounts

U should save ur passwords in lastpass its the best

Hey bro i am getting virus attack from last 2 month which is crypto tab browser. This virus destroy my system many of time. Please help me

You kinda remind me of Eddie Brock Jr. In Spider-Man 3 (2007)

How about Lockwise by Firefox?

Meanwhile my mind thinking how to update the code to work on chrome ver 88

fairly certain that's why you set a master password in your browser

Your Awesome

This type of attack can be used on any password manager. The solution here is to have a hardware password manager. There are a few out there but they are not that good for example, Ledger Trezor and Mooltipass Password Managers.

@Wan_Destroyer

2 жыл бұрын

Google Patch this (Locked Database)

What about encryption by chrome?

I'm from the future, I've already seen the whole video.

@tentrot4420

3 жыл бұрын

What is going to be the next vid? 😂

@roffe2k736

3 жыл бұрын

Okay... just so you know you can't tell this to anybody, the next video is going to be a crash course about the bash terminal and permissions in Linux for cybersecurity reasons.

@htetaunglwin8941

3 жыл бұрын

Incredible,I don't believe.

@collinsinfosec

3 жыл бұрын

Can you guess what I am thinking... 🤔 (**cough dee boo dah **cough).

@roffe2k736

3 жыл бұрын

​@@collinsinfosec Exactly! You got one secret, your biggest goal that you want to accomplish is making the "dee boo dah" virus go viral and take over the world with the new ransomware technology you're secretly working on. Sorry, but you asked me for this so the world has to know now...

Dude if someone already has remote code execution you lost. This is kinda fumb, like even if you encrypt your passwords, you have to type your master password to decrypt, which if you system is compromised to this level, you lost as well.

Nice

did you reported that as bug bounty to google ?

@h.fontanez5453

3 жыл бұрын

🤣

This is amazing! Thank you

mine saved at keep

How about LastPass?

Thanks Grant ! Why aren't the browser hashing the passwords by default? What's the reason in your opinion? Greets from Germany

@DiekiKondrael

3 жыл бұрын

Hashing passwords would render them useless here, since they have to provide the full original password to the website.

@collinsinfosec

3 жыл бұрын

Hey! Browsers do encrypt the passwords when stored, but you can decrypt them as well if you had access to the machine. Hashing wouldn't be a viable use case here.

@Simonius95

3 жыл бұрын

@@collinsinfosec thanks for the response. Besides using for example LastPass, is there any other in built Browser solution in sight?

@farhanaditya2647

3 жыл бұрын

@@DiekiKondrael I'm sorry, I don't get it. Didn't the browser already send the full password? I mean, that's why you don't have to type it manually.

@Simonius95

2 жыл бұрын

? Do you know sth?

Bad thing is Lazagne does not work well on Windows

Good info but you could have left all the details out for hackers our there on all the tools to use and process to hack someone's password.

I use bitwarden

I have passwords in encrypted vault on my phone

Oh its good

what is the need for noisy background music?

well I wrote a password encoder that encodes a json file into a wav file. All you can hear from it are bunch of beeps with a frequency of 8000 and 9000 Hz. I copied the wav file into all of my devices. Decoding it will be easy but no one could guess that lol.

Thank god my password is written in my wallpaper

good thing i save my passwords in youtube comment sections

From the beginning i always store my passwords in a encrypted usb and the decryptor is sonewhere lol

What about pass? I mean pass the standard unix password manager

isnt lazagne and the python blocked by most antivirus nowadays?

@noviccen388

Жыл бұрын

please

and if using 2FA?

Nice.

I thought this would be a password manager ad (Edit) Oh

You can set a masterpassword in Firefox to prevent this. But at that point why not just install a proper password manager

@tafadzwachimwe777

2 жыл бұрын

A password manager is better but Firefox is free

@OfficialDigitalMishra

Жыл бұрын

Nothing will work Hackers are smarter

Hi sir.......😍😍😍😍

It was good thanks

Thank you for new virus attack idea, i use python...

@Kaos.117

3 жыл бұрын

You must suck at it to think that this is a new idea XD

@sheez-5486

3 жыл бұрын

@@Kaos.117 i do suck XD, but actually i had a virus idea since i started the Pythin XD, how evil am i...

lol, this is just a bit overcomplicated process for a simple expected result. If an attacker has full access to the victim's PC, he can get the passwords stored in the browser in less than 5 secs. The best advice if you store passwords in the browser is to get the USB security key and enable 2FA requiring security key and store passwords only for the services that have 2FA enabled. Attackers can still have your passwords but can't do shit about it to get access as long as you have the security key. The rest of the passwords should go to your password vault like Keepass. Also, don't trust online password managers, instead use offline password managers like Keepass.

Well, where else am I supposed to store them? Other services either are on the cloud which runs in the risk of losing everything if thst service dies or is not free, and paying for the access of your passwords suck. Tell me if there is a better FREE SECURE password manager than Ill chanfe my mind. Also, the only way this can happen is if someone stole my device. Thst isnt going to hapoen anytime soon. Even if so, Google has many ways to prevent compramise.

@Servidor_Publico_do_Ancapistao

3 жыл бұрын

Pen and Paper

@yonderalt2662

3 жыл бұрын

@@Servidor_Publico_do_Ancapistao Again, not free and worse than a browser insert seeing as I have to find rhe paper (if its burried somewhere) and type it letter by letter cause no automatic insertion and "********" (not everything has Shoe Passseord)

but nobody have python installed

Saying that it is easy to steal passwords from the browser is wrong in my opinion. I mean, probably the browser is not the best place, but it's not even the worst place. At the same time it's not that easy to have access to another person's computer in a real world scenario.

Ya i stored password in chrome 🙃

I love u

Even in your own pc?

@collinsinfosec

3 жыл бұрын

If you want "optimal" security - I would say yes, even on a personal PC.

If the passwords are encrypted with SSL (now is more common) this will not work :)

What if you just put your passwords on paper... 😐

well i already never clicked the button cuz i have a other password manger

Save in safari then

eh, redundant no? i mean if someone has access to your pc can't they just dump cookies and bypass both the password and the 2fa since that cookie session is already authenticated?

You’re most likely fine to store your password in browsers as long as you don’t install or use software that are dubious. Like come on, the attacker would have to have control over your computer, that’s not easy unless you’re asking for it.

@collinsinfosec

3 жыл бұрын

Yep that is correct. As hinted at in the limitations section, an attacker would need to have access to your machine. The demos were just a couple examples of how post-exploitation could happen in the real-world scenario

hahaha sorry but if you have full access you can directly do the hell lots of things in one go like ssh or list all the things in his own shell and then attack on it or download everything from it and can do more and more and more

Oh shit

Do not save passwords in Google or any website logins

De Boo Da

So that is why i lost my epic and steam account...