4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has been found to contain a major vulnerability. Researchers from Google's Project Zero discovered it, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within, even with LastPass’ considerable security measures. This vulnerability can be found in the extensions for all major browsers, including browsers used on Windows, Linux, and potentially even Apple.

To make matters worse, the only requirement for this vulnerability to be exploited is that the extension be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem in more depth, including recommendations for what you should do to minimize your chances of being affected:


  • Launch websites from the LastPass vault: To retain the highest level of security possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links are spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties, for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact 4IT at 305-278-7100. 



Friday, 23 June 2017