{"id":7814,"date":"2017-04-10T12:12:00","date_gmt":"2017-04-10T12:12:00","guid":{"rendered":"http:\/\/localhost\/datcomWP\/?p=7814"},"modified":"2017-04-10T12:12:00","modified_gmt":"2017-04-10T12:12:00","slug":"alert-lastpass-vulnerability-found-is-any-password-manager-safe","status":"publish","type":"post","link":"https:\/\/staging.datcomllc.com\/index.php\/2017\/04\/10\/alert-lastpass-vulnerability-found-is-any-password-manager-safe\/","title":{"rendered":"Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?"},"content":{"rendered":"<p>Thanks to one of Google\u2019s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.<\/p>\n<p><!--more--><\/p>\n<p>After having \u201can epiphany in the shower,\u201d Tavis Ormandy realized that the latest version of the password manager\u2019s browser extension is subject to a flaw that allows some malicious websites to have their way with the user\u2019s system. Alternatively, the vulnerability allows malicious websites to steal the user\u2019s passwords from behind LastPass\u2019 protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.<\/p>\n<p>Making this vulnerability even more significant, it only requires the extension to be installed in order to be exploited. A user could be logged out and still be subject to receiving malicious code from the website they\u2019re visiting.<\/p>\n<p>To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy\u2019s report a mere hour after he submitted it. 
Two days later, LastPass released a blog post going over these events and offering a few recommendations:<\/p>\n<ul>\n<li><strong>Launch websites from the LastPass vault<\/strong>: To retain the highest level of security possible, it\u2019s better to access websites from the LastPass vault itself.<\/li>\n<li><strong>Use Two-Factor Authentication wherever possible<\/strong>: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.<\/li>\n<li><strong>Keep an eye out for phishing attacks<\/strong>: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself whether it makes sense for that link to come from whoever allegedly sent it.<\/li>\n<\/ul>\n<p>LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, \u201cWe greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.\u201d<\/p>\n<p>LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass\u2019 advice to heart for the sake of your own network security.<\/p>\n<p>To ensure your credentials are protected, and to schedule a full security audit, contact COMPANYNAME at PHONENUMBER.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thanks to one of Google\u2019s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. 
However, based on what the researcher claims, these vulnerabilities were [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7823,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":""},"categories":[12],"tags":[57,155],"_links":{"self":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/posts\/7814"}],"collection":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/comments?post=7814"}],"version-history":[{"count":0,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/posts\/7814\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/media?parent=7814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/categories?post=7814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/tags?post=7814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}