KeepassXC Browser plugin
For years I have been using KeepassXC and in some places even as browser plugin. Its auto typing sequence is very flexibile. But a drop down selection at the input fields for username/ password is much easier to handle. But this comes at a price.
As I raked through open connections I found suspicious IPs
with lasting connections and very low traffic. Looking them
up their origin is KeepassXC Browser addon. A simple invocation
lsof -i tcp is sufficient.
- 22.214.171.124 - Google
- 126.96.36.199 - Amateur Radio Digital Communications
- 188.8.131.52 - Software Editing Corporation, SEC.com, registered in the 90s
The target port was always 443, regular TLS connection. Quote from page:
And also written there this can be disabled completely even as compiler switch. Such a switch is called USE variable on Gentoo. In this case I'd emerge with USE=-network. I removed the browser plugin completely. In addition I disabled any egress from KeepassXC. Connections gone.
- SEC.com – Software Editing Corporation
- KeepassXC FAQ – KeepassXC FAQ, Network access
- KeepassXC Docs – KeepassXC documentation
Correct date of publication, was not in 2018.