LastPass Seems To Have A Security Problem
The news is out that password manager LastPass has some critical security flaws that allow malicious websites to steal passwords. The first flaw was spotted by Tavis Ormandy of Google’s Project Zero security team. He found that the LastPass Chrome extension has a content script that webpages can exploit to extract usernames and passwords. The good news is that the LastPass folks quickly fixed this flaw. The bad news is that Firefox users are not immune, as a similar flaw was found in an extension for that browser.
There is apparently a fix for this on the way. On top of that, LastPass is recommending that you move to version 4.x of their Firefox extension. However, before you do, you might want to read this from Mr. Ormandy:
https://twitter.com/taviso/status/844312124541186048
It really seems that LastPass has some serious holes in it at present. Hopefully this all gets patched quickly. But you may want to consider moving to another password manager if you feel the least bit insecure.
This entry was posted on March 22, 2017 at 9:21 am and is filed under Commentary with tags LastPass.