Lastpass Password Vault Reportedly Not So Secure

SHARE THIS ARTICLE

REACH US

GENERAL INQUIRY

[email protected]

ADVERTISING

[email protected]

PRESS RELEASE

[email protected]

HOTLINE

+673 222-0178 [Office Hour]

+673 223-6740 [Fax]

Upcoming Events

Prayer Times

The prayer times for Brunei-Muara and Temburong districts. For Tutong add 1 minute and for Belait add 3 minutes.

Imsak	: 05:01 AM
Subuh	: 05:11 AM
Syuruk	: 06:29 AM
Doha	: 06:51 AM
Zohor	: 12:32 PM
Asar	: 03:44 PM
Maghrib	: 06:32 PM
Isyak	: 07:42 PM

The Business Directory

Security & Privacy

Home > Security & Privacy

Lastpass Password Vault Reportedly Not So Secure

LastPass aims to protect your passwords.

July 28th, 2016 | 09:41 AM | 1293 views

CNET.COM

A Security Researcher With A Record Of Hunting Down Holes Finds A Big One That Could Give Hackers Access To Your Online Accounts. Lastpass Says, Though, That The Flaw Has Since Been Fixed.

Turns out even LastPass, a service promoted as a password "vault," might be putting its users at risk of being hacked.

A security researcher with an established record of tracking down security flaws has found a so-called zero-day hole -- a software vulnerability that the software's makers don't know about -- that could let hackers remotely break into LastPass' millions of accounts. It takes only a visit to a malicious website to become a victim.

White hat researcher Tavis Ormandy was first to identify the problem, publishing a tweet first noticed by The Register.

Ormandy followed up with a tweet saying that he sent a full report to LastPass and next up will look at a rival password manger, 1Password.

Neither Ormandy nor LastPass immediately returned a request for confirmation and more details on how the hack works.

Update, 1:25 p.m. PT: A LastPass spokeswoman confirmed that the company verified Ormandy's reports and worked quickly to issue a fix for the vulnerability. She pointed to a blog explaining the problem to users and recommended users update LastPass on their browsers.

The blog confirms that Ormandy, a Google Security Team researcher, "contacted our team to report a message-hijacking bug that affected the LastPass Firefox add-on."

"First, an attacker would need to successfully lure a LastPass user to a malicious website," the blog says. "Once there, Ormandy demonstrated that the website could then execute LastPass actions in the background without the user's knowledge, such as deleting items...(T)his issue has been fully addressed and an update with a fix was pushed for all Firefox users using LastPass 4.0."

Source:
courtesy of CNET

by Michelle Meyers

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]