4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has been found to contain a major vulnerability. Google researchers from Project Zero discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within, even with LastPass’ considerable security measures. This vulnerability can be found in the extensions for all major browsers, including browsers on Windows, Linux, and potentially even Apple systems.

To make matters worse, the only requirement for this vulnerability to be exploited is that the extension be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem in more depth, including recommendations for what you should do to minimize your chances of being affected:


  • Launch websites from the LastPass vault: To retain the highest level of security possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links are spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties, for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact 4IT at 305-278-7100. 

 
