Is 1Password vulnerable to spyware trojan - OS X/OnionSpy

Chris1234

I've just had an email from my Mac shop about a new spyware trojan called OS X/OnionSpy. More detail on:



[url]http://blog.intego.com/2010/06/01/intego-security-alert-osxopinionspy-spyware-installed-by-freely-distributed-mac-applications/[/url]



How does this interact with or impact 1Password? Are any and/or all my logins and passwords etc at risk if this trojan is installed?



This seems serious, how serious is this threat actually?

MartyS

1Password shouldn't be impacted by this or similar "things". Without your Master Password your 1Password data is encrypted on disk so even it something got some or all of your 1Password data file they'd still have to decrypt it. A strong Master Password would be your friend in situations like this.



You'll have to judge for yourself how "serious" this, or any "threat" is to your system or its data. Certainly security advisement companies have a vested interest in bringing these things to your attention.

jpgoldberg

Hi Chris,



Thanks for that question. It gives me an opportunity to reassure you that this kind of thing is not a threat to your 1Password data.



I looked at this specific one a few days ago when it was first discovered. I can confirm that it poses [b]no threat[/b] to your 1Password data. I does send other information about your online activity and contacts to "marketers", but it doesn't know about 1Password and it makes no attempt to break into your 1Password Data.



Let me also reinforce what Marty has already said. Nothing is ever going to get at your 1Password encrypted data without your master password. Even when 1Password has "unlocked" your data, the data is never sitting around unencrypted on your computer.



As always you should always exercise good sense when downloading and installing software to your Mac or any system. What is amusing about this one is that it actually does specify what it does in its User Agreement, but in a part that nobody ever reads.



Cheers,