4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within--even with LastPass’ considerable security measures. This vulnerability can be found in all extensions for major browsers, including browsers used by Windows, Linux, and potentially even Apple.

To make matters worse, the only requirements for this vulnerability to be exploited is that the extension needs to be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem more in-depth, including recommendations as for what you should do to minimize your chances of being affected:

 

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties--for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact 4IT at 305-278-7100. 

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 18 February 2018
If you'd like to register, please fill in the username, password and name fields.

Mobile? Grab this Article!

Qr Code

Tag Cloud

security Tip of the Week Technology Cloud Privacy Best Practices Microsoft software Internet Business Computing Backup Hackers Productivity Business Management Hosted Solutions Managed Service Provider Malware Google IT Services Business Efficiency IT Support Windows Disaster Recovery Innovation Hardware Business Continuity Workplace Tips VoIP Saving Money Computer Mobile Devices User Tips Upgrade Windows 10 Miscellaneous Network Security Virtualization Mobile Device Management Data Server Email communications Mobile Computing Alert Communication Network Save Money Microsoft Office Small Business Social Media Smartphone Quick Tips Going Green Mobile Office Information Technology Smartphones Managed IT Services Outsourced IT BYOD Apps Android Health Office Browser Application Gadgets Ransomware Operating System Chrome Disaster Cybersecurity Tablet Mobility WiFi Holiday Firewall Productivity The Internet of Things Avoiding Downtime Managed IT IT Solutions Best Practice Data Backup Data Management Spam Risk Management BDR Cybercrime History Search Telephone Systems Data Recovery Passwords Remote Computing Unified Threat Management Hard Drives Saving Time Remote Monitoring Employer-Employee Relationship Budget Apple VPN Automation Marketing Facebook Vendor Management Hacking Law Enforcement Content Filtering Phishing Proactive IT Password iPhone Customer Relationship Management Hosted Solution User Error Computers Collaboration Money Recovery Phone System Wireless Technology Office Tips Big Data Antivirus USB Work/Life Balance Shortcut Analytics Humor Encryption Social Administration Gmail Router Office 365 Wearable Technology Government Maintenance PowerPoint Intranet Telephony Virus Lithium-ion battery Current Events Vulnerability Bring Your Own Device Printer Point of Sale IT COnsultant Outlook Business Intelligence Computer Repair Data Security App Social Engineering Cost Management Politics Personal Information Bandwidth Printer Server Users Private Cloud Wireless Laptop Unsupported Software Windows 8 OneNote Cloud Computing Google Drive Education Trending Save Time Net Neutrality SaaS Data Protection Audit Flexibility Tech Support HaaS Paperless Office Travel Fax Server Samsung Update Workplace Customer Service Wi-Fi Emergency Artificial Intelligence Biometrics Retail Streaming Media Virtual Reality Applications Uninterrupted Power Supply Meetings online currency hacker Social Networking Transportation Instant Messaging Emails HIPAA Computer Care Battery Robot Entertainment IT Support Benefits Computer Accessories Automobile DDoS Efficency End of Support Windows 10 Mouse Compliance Data Breach Internet Exlporer Data Loss Two-factor Authentication Display Internet of Things Managing Stress Excel Network Congestion Identity Theft Solid State Drive Redundancy Data Storage Sports Augmented Reality Help Desk Microsoft Excel PDF Dark Web Virtual Desktop Presentation Lifestyle Scalability Screen Mirroring Bluetooth Ebay Files Best Available IT Technicians Computing Nokia Safety File Sharing Text Messaging How To Cast SharePoint Chromecast Windows 10s Upgrades systems Nanotechnology Training Teamwork Administrator Colocation Hard Disk Drive Busines Continuity Consultant Tablets The Blindside Of hack Root Cause Analysis Networking Near Field Communication Twitter Company Culture Black Market HBO Access best practices Touchscreen NFL IT Security Cortana CrashOverride Human Resources IT consulting Surge Protector Television Cleaning IT Management Hard Drive Running Cable 3D Printing data breach Project Management Experience Word Keyboard Legislation Avoid Downtime Settings Reliable Computing Uograde WIndows Server 2008 Images Windows Ink risk management Bloatware MSP Music Hiring/Firing ISP Patch Management Data storage Google Maps Books Smart Technology Programming Video Games Commerce Branding Blogging Document Management Regulation Distributed Denial of Service Software as a Service Advertising Legal Wiring Website WIndows 7 Storage Inbound Marketing Mobile Device Information Sync eWaste Touchpad Managed Security iOS Regulations Scam Debate OneDrive Managed IT Service Managed IT Services Value Adobe Amazon Google Docs Computer Fan Co-managed IT Cameras Employer Employee Relationship User Operating Sysytem Science Worker Commute Licensing Electronic Medical Records Credit Cards IT solutions IT Budget Spyware Mobile FAQ Reputation Fraud Professional Services Buisness Tutorial Charger Edge Wireless Charging Ciminal WannaCry Shadow IT Relocation Microblogging Youtube Evernote Comparison Sales Gift Giving Workers Managed Service Provder Blockchain Specifications Webinar Updates Identities Conferencing Microsoft Word Gifts IT service Taxes Device Security Domains Webinar Supercomputer Devices