LassPass password manager insecure

LastPass

LastPass

LastPass, a popular password manager, has been found to have a very serious security flaw that allows malicious website so steal all your passwords even if your Last{ass app is not rung, and if it is running then things get even worse because the malicious websites would be able to execute any software they want, on your machine.

Tavis Ormandy, who discovered the flaw, said that its a difficult problem to solve, inferring that the lastPass software will require a complete rewrite with security as a priority.

Tavis Ormandy (researcher with Google’s Project Zero vulnerability reporting team) said: “It will take a long time to fix this properly, It’s a major architectural problem. They have 90 days, no need to scramble!”

I’ve always warned my family and friends that using password managers is potentially a bad idea because it gives attackers a very clear target to attack. Additionally, none of the companies that sell  or give away password management software is big enough to make a lawsuit worthwhile if you life is destroyed by their lack of security.

Today’s announcement is no fluke, LastPass was hacked and user credential were stolen on 17 June 2015. Even non-security problems can leave you in a lurch, as was discovered by 1Password users inability to unlock their passwords this past January. Imagine having all your passwords in one app, that yo just can’t access because its locked against you. That just does not work for me.

What I have been recommend to family and friends is to use Apple Safari’s built in password management feature. Its easy to use, it works automatically on all your Macs, iPhone and iPads and no one has created Apple’s legendary security, not even the FBI. Apple is also a large enough company to execute an effective lawsuit against so of course they expend a lot of effort into making their feature be completely secure for you. Apple has also hired several famous world class security experts to secure your Apple experience. That makes me sleep better at night.

Source

LastPass exploit discovered, company scrambles to repair the vulnerability by Chris Barylick

Related Posts

LastPass and Apple in the Security News

1Password is failing to unlock user passwords, leaves them in a lurch

FBI loses, Apple wins! Justice Department about to retract demand against Apple

Hashtags

#WeStandWithApple

#SecurityForAll

#ThinkDifferent

Blackstone’s Formulation

“It is better that ten guilty persons escape than that one innocent suffer” William Blackstone

Favorite me on AppleNews now, to stay up to date with deep insight and helpful tips.

Get more free cloud storage space now, directly from: Drop Box

Thank you for your support, Please don’t forget to visit the sponsor of my site, Amazon, it really helps me out and does not cost you a single penny extra.

Dr Bob

Dr Bob Tech Blog Privacy Policy

Leave a Reply

CGEIT