« The Apple Beat: The iPhone reaches 1 Billion units sold | Main | Google introduces family sharing on Google Play »
Wednesday
Jul272016

LastPass patches up two major vulnerabilities

No product is flawless, even those password managers you use. LastPass has its own issues to deal with, including two major security exploits from the program’s browser extensions. The good thing is these have been patched already. The company released an update regarding both bugs. One is an exploit discovered by researcher Mathias Karlsson where a URL parsing bug could be used to trick LastPass into divulging passwords for specific sites. You might accidentally click on the spoof URL and think you’re off to Twitter but this malicious page is already stealing your passwords and then quietly pass you on to the social network without knowledge that this happened. It took LastPass a day to resolve this and even gave Karlsson a US$1,000 bounty for the discovery.

Another bug was an exploit found by Google Security Team researcher Travis Ormandy. This affects the Firefox extension but thankfully, this has been fixed, too. What this could do is lure you to a malicious site and then have the site execute LastPass actions to do things like delete items without your knowledge. LastPass is dishing out some important reminders to its users with these discoveries: don’t click links from people you don’t know, use different passwords for different accounts, and if there’s two-factor identification make sure to activate that.

Source: LastPass | Via: Engadget

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>