4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within--even with LastPass’ considerable security measures. This vulnerability can be found in all extensions for major browsers, including browsers used by Windows, Linux, and potentially even Apple.

To make matters worse, the only requirements for this vulnerability to be exploited is that the extension needs to be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem more in-depth, including recommendations as for what you should do to minimize your chances of being affected:

 

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties--for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact 4IT at 305-278-7100. 

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 11 December 2017
If you'd like to register, please fill in the username, password and name fields.

Mobile? Grab this Article!

Qr Code

Tag Cloud

security Tip of the Week Technology Cloud Privacy Best Practices Microsoft software Internet Business Computing Hackers Backup Productivity Hosted Solutions Business Management Managed Service Provider Google Malware IT Services Business Efficiency Windows Disaster Recovery IT Support Innovation Business Continuity Hardware VoIP Workplace Tips Computer User Tips Saving Money Miscellaneous Virtualization Upgrade Windows 10 Mobile Devices Mobile Device Management Data Server Network Security Mobile Computing Alert Email Communication Save Money Microsoft Office Network Quick Tips communications Small Business Smartphone Smartphones BYOD Information Technology Going Green Mobile Office Social Media Health Android Office Apps Operating System Application Ransomware Chrome Browser Gadgets Managed IT Services Outsourced IT Mobility Disaster Holiday Firewall Avoiding Downtime Tablet Productivity WiFi Managed IT Best Practice Data Management Passwords Search Cybercrime Telephone Systems Risk Management The Internet of Things Remote Computing Unified Threat Management IT Solutions Spam BDR Cybersecurity Vendor Management VPN Employer-Employee Relationship Budget Facebook Automation Remote Monitoring History Hard Drives Saving Time Hacking Apple Law Enforcement User Error Phishing Marketing Collaboration Password Hosted Solution Computers Wireless Technology Money Phone System Recovery iPhone Big Data Data Recovery Customer Relationship Management Content Filtering Office Tips Proactive IT Data Backup Work/Life Balance Shortcut Social Bring Your Own Device Lithium-ion battery Office 365 Telephony Current Events Humor Administration Wearable Technology Vulnerability Printer Maintenance PowerPoint USB Virus Analytics Encryption Gmail Router Government Antivirus Business Intelligence Cost Management Data Security Intranet Bandwidth Printer Server Laptop Social Engineering Politics OneNote Point of Sale Personal Information IT COnsultant Education Computer Repair Trending Net Neutrality Private Cloud Wireless Unsupported Software Google Drive Cloud Computing Tech Support Save Time Outlook Users SaaS Data Protection Audit HaaS Windows 8 App Travel online currency Samsung Wi-Fi Update Customer Service Emergency Biometrics Artificial Intelligence Retail Applications Network Congestion Virtual Reality Meetings Help Desk hacker Efficency Transportation Emails Instant Messaging Robot IT Support Computer Care Battery HIPAA Entertainment Windows 10 Benefits Display DDoS Computer Accessories Automobile End of Support Augmented Reality Mouse Compliance Paperless Office Social Networking Internet Exlporer Two-factor Authentication Fax Server Managing Stress Internet of Things Data Storage Excel Identity Theft Solid State Drive Workplace Flexibility Sports Streaming Media Uninterrupted Power Supply Cast IT Technicians Twitter Windows 10s Safety Text Messaging Chromecast systems Nanotechnology SharePoint Surge Protector Wiring How To Information Upgrades Television Hard Disk Drive Tablets 3D Printing Administrator hack Root Cause Analysis Teamwork Debate Training Busines Continuity Colocation HBO Consultant best practices Networking The Blindside Of Near Field Communication NFL Access Cortana ISP CrashOverride Company Culture Black Market IT Management Touchscreen data breach Human Resources IT Security IT consulting Word Legislation Programming Settings Blogging Running Cable Cleaning Experience WIndows Server 2008 Nokia risk management Keyboard Reliable Computing Avoid Downtime Windows Ink Website Music Patch Management Bloatware Hiring/Firing Google Maps Data storage OneDrive Commerce Books Regulation Amazon Co-managed IT Branding Smart Technology Video Games Software as a Service Distributed Denial of Service Document Management Data Breach Advertising Sync iOS Lifestyle WIndows 7 Legal Data Loss Inbound Marketing Touchpad Managed IT Service Ebay eWaste Mobile Device Storage Hard Drive Managed Security Regulations Adobe Computing Managed IT Services Google Docs Computer Fan Scam Value Uograde Images Cameras Licensing Microsoft Excel Dark Web Employer Employee Relationship User Operating Sysytem Screen Mirroring Science Worker Commute Virtual Desktop Presentation PDF File Sharing Bluetooth Best Available Scalability Files FAQ IT Budget Professional Services Reputation Buisness Gift Giving Shadow IT Relocation Comparison Specifications Conferencing Gifts IT service Microblogging Youtube Redundancy Taxes Webinar Domains Sales Credit Cards Supercomputer Tutorial IT solutions Electronic Medical Records Managed Service Provder Mobile Webinar