-
Tips for becoming a good boxer - November 6, 2020
-
7 expert tips for making your hens night a memorable one - November 6, 2020
-
5 reasons to host your Christmas party on a cruise boat - November 6, 2020
-
What to do when you’re charged with a crime - November 6, 2020
-
Should you get one or multiple dogs? Here’s all you need to know - November 3, 2020
-
A Guide: How to Build Your Very Own Magic Mirror - February 14, 2019
-
Our Top Inspirational Baseball Stars - November 24, 2018
-
Five Tech Tools That Will Help You Turn Your Blog into a Business - November 24, 2018
-
How to Indulge on Vacation without Expanding Your Waist - November 9, 2018
-
5 Strategies for Businesses to Appeal to Today’s Increasingly Mobile-Crazed Customers - November 9, 2018
LastPass has a security bug that is putting accounts at risk
A unsafe, previously unknown security vulnerability has been discovered in LastPass which permits attackers to remotely compromise user accounts.
Advertisement
The researcher, who has found critical problems and security failures in software including Symantec products and Avast solutions is setting his sights on 1Password next.
Respected Google Project Zero white hat Tavis Ormandy recently revealed a gaping security hole within password manager LastPass’ software that puts millions of users at risk.
Advertisement
When examining the password manager, he tweeted on Tuesday, “Are people really using this lastpass thing?” She pointed to a blog explaining the problem to users and recommended users update LastPass on their browsers. However, password managers also have one potentially large weakness, and that’s the fact that if your master password is leaked, then all of your other passwords will be, too. Then he could extract the credentials for twitter.com, and he could use the same tactic to get the credentials for other popular sites, too, due to the bug in the autofill functionality. “I’ll send a report asap”, he later followed that up by confirming that he has reported the issue to LastPass and that it did pave the way for total remote compromise of accounts. On Wednesday, Mathias Karlsson at Detectify Labs said that he had also managed to hack LastPass – in this case, to steal user passwords. It noted that both vulnerabilities would require the hacker tricking the user into visiting a malicious site for them to work.