
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Thanks to one of the researchers at Google’s Project Zero, it has been discovered that LastPass has a major vulnerability stemming from a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, those earlier vulnerabilities were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. Otherwise, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

Making this vulnerability even more significant, it only requires the extension to be installed in order to be exploited. A user could be logged out and still be subject to receiving malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself whether it makes sense for that link to be coming from whoever allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact Total Tech Care at 866-348-2602.
