Posts Tagged ‘lastpass’

Full LastPass 4.1.42 Exploit Discovered

Tuesday, March 21st, 2017

Password managers must make an incredibly tempting target for hackers. Heads up, LastPass users!

Tavis Ormandy, a prolific member of Google’s Project Zero initiative, revealed that he discovered a new security issue in LastPass 4.1.42 (and maybe earlier). Ormandy revealed that he discovered an exploit, but did not reveal it. Project Zero discoveries are reported to the companies who produce the affected products. The companies have 90 days to react, usually by creating a new product version that they make available publicly to all customers.

(more…)

Security Issues Found in Nine Password Managers for Android (LastPass, Dashlane, …)

Monday, March 6th, 2017

Considering how often major security problems with password managers seem to turn up, you’d probably be better off just writing down your passwords down on the back of a business card.

Security researchers of the Fraunhofer Institute found severe security issues in nine password managers for Android that they analyzed as part of their research. Password managers are a popular option when it comes to storing authentication information. All promise secure storage either locally or remotely, and some may add other features to the mix such as password generation, automatic sign ins, or the saving of important data such as Credit Card numbers or Pins.

(more…)

LastPass Remote Compromise Vulnerability

Thursday, July 28th, 2016

More evidence that it’s probably safer to just write your passwords out on a business card rather than relying on a password manager.

LastPass has a bunch of critical problems of which at least one allows attackers to compromise the password manager remotely according to Google researcher Tavis Ormandy. LastPass is one of the most popular online password management services on today’s Internet. The service offers extensions for various browsers, mobile apps, and dedicated solutions for various operating systems and devices.

(more…)

Researchers to Reveal Critical LastPass Issues in November 2015

Thursday, September 17th, 2015

In the end, will it turn out that writing down your passwords on the back of an old business card in your wallet is actually more secure than an online password management service?

Password managers are great as they store a virtually unlimited number of important information, accounts, passwords, credit card numbers and other sensitive data. They keep you from having to memorize unique strong passwords, or use other means to remember them such as writing them down. All the data is protected by a single master password, and, if supported, by additional means of protection such as two-factor authentication.

(more…)

LastPass Hacked – What this Means to You

Tuesday, June 16th, 2015

Could it be that simply writing down your passwords on an old 3×5 card is actually safer than an online password manager?

Online security company LastPass published an announcement yesterday on the official company blog that it detected and blocked suspicious activity on the company network. According to the information posted on the blog, the company did not find evidence that LastPass user accounts were accessed or user vault data was downloaded. The company did not mention when it first noticed the breach but some users reported that they started to receive spam to email addresses used exclusively for the password manager account on June 8th.

(more…)

Microsoft, LastPass and Others Post Solutions to Handle Superfish

Tuesday, February 24th, 2015

You probably don’t have to worry about this unless you own a Lenovo PC, but it still makes an interesting story anyway …

An adware called Superfish is making big waves currently on the Internet after news spread that PC manufacturer Lenovo shipped some — it is still not clear which devices are affected — consumer PC models with the software preinstalled. The core purpose of Superfish is to display advertisement to users based on what they are looking at in web browsers. It injects advertisement on web pages that users visit in browsers.

(more…)

How to Display Hidden Passwords in Firefox

Friday, April 4th, 2014

As long as you’re relatively sure that nobody is looking over your shoulder while you’re logging in, why not display passwords?

Webmasters can define different input types when it comes to forms. From plain text fields to radio buttons, checkboxes and password fields. The core difference between text and password input types is that input is not displayed in the latter. Instead of seeing the characters that you enter or paste, you only see asterisks.
The main idea behind this is to protect the password from people looking over your shoulder.

(more…)

The LastPass Security Incident – What I Did

Thursday, May 5th, 2011

This article provides a pretty good illustration of one of the major weaknesses of password management solutions; if they can hack their way into your password management solution, they’ve hacked their way into everything you thought was secure.

After finding out that there might have been a security breach at LastPass, a company known for their online password management solution, I quickly changed my master password and started to think about possible consequences.

(more…)