
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

One of Google’s Project Zero researchers has discovered a major vulnerability in LastPass that stems from a significant architectural problem. This news comes on the heels of several other flaws the same researcher found in LastPass. However, according to the researcher, those earlier flaws were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. In other cases, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

Making this vulnerability even more significant, it only requires the extension to be installed in order to be exploited. A user could be logged out of LastPass and still receive malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself whether it makes sense for that link to come from whoever allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact Total Tech Care at 866-348-2602.

 
