4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within--even with LastPass’ considerable security measures. This vulnerability can be found in all extensions for major browsers, including browsers used by Windows, Linux, and potentially even Apple.

To make matters worse, the only requirements for this vulnerability to be exploited is that the extension needs to be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem more in-depth, including recommendations as for what you should do to minimize your chances of being affected:

 

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties--for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact 4IT at 305-278-7100. 

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 20 October 2017
If you'd like to register, please fill in the username, password and name fields.

Mobile? Grab this Article!

Qr Code

Tag Cloud

security Tip of the Week Technology Cloud Best Practices Privacy Microsoft Internet Business Computing software Backup Hackers Hosted Solutions Productivity Business Management Managed Service Provider Google Malware IT Services Business Efficiency Windows Disaster Recovery Innovation IT Support Hardware Workplace Tips Business Continuity VoIP Saving Money Computer Windows 10 Miscellaneous Virtualization User Tips Upgrade Mobile Devices Mobile Device Management Data Network Security Server Mobile Computing Email Alert Communication Network Save Money Microsoft Office Quick Tips communications Information Technology Smartphone Social Media Smartphones BYOD Going Green Mobile Office Apps Office Health Small Business Android Ransomware Browser Operating System Gadgets Chrome Outsourced IT Application Tablet Firewall Avoiding Downtime Productivity Managed IT Services Disaster Risk Management Telephone Systems Search Mobility Holiday WiFi The Internet of Things Remote Computing Unified Threat Management IT Solutions Passwords Managed IT Data Management Spam Cybersecurity Cybercrime BDR Employer-Employee Relationship Budget History Remote Monitoring Automation VPN Apple Facebook Hacking Best Practice Hard Drives Vendor Management Saving Time User Error Collaboration iPhone Customer Relationship Management Recovery Phone System Wireless Technology Office Tips Big Data Marketing Phishing Password Proactive IT Law Enforcement Hosted Solution Computers Telephony Humor Office 365 Administration Lithium-ion battery Wearable Technology Maintenance PowerPoint Virus Money Current Events Data Recovery Printer Antivirus Shortcut USB Bring Your Own Device Content Filtering Data Backup Social Encryption Analytics Gmail Router Computer Repair Intranet Private Cloud Bandwidth Printer Server Laptop OneNote Users Trending Wireless Education Net Neutrality Unsupported Software Windows 8 Google Drive Audit Cloud Computing HaaS Tech Support Save Time Business Intelligence Outlook Data Security Point of Sale Work/Life Balance Social Engineering IT COnsultant Government App Cost Management Emergency Instant Messaging Emails HIPAA Applications Entertainment Benefits Politics Computer Accessories hacker DDoS IT Support Personal Information Transportation Efficency Mouse Windows 10 Compliance Social Networking Robot Computer Care Battery Vulnerability Two-factor Authentication Automobile Managing Stress Excel End of Support SaaS Display Augmented Reality Data Storage Internet Exlporer Travel Paperless Office Internet of Things Identity Theft Data Protection Customer Service Solid State Drive Fax Server Update Flexibility Biometrics Network Congestion Retail Workplace Virtual Reality Help Desk Streaming Media Meetings Uninterrupted Power Supply online currency Samsung Wi-Fi Surge Protector CrashOverride Artificial Intelligence Training Television IT Management Reliable Computing Administrator data breach Colocation 3D Printing Consultant Word The Blindside Of Bloatware Settings Company Culture WIndows Server 2008 Black Market Access risk management Touchscreen Windows Ink IT Security ISP Cleaning Branding Patch Management Experience Distributed Denial of Service Google Maps Hard Drive Blogging Keyboard Commerce Avoid Downtime Programming Regulation WIndows 7 Music Inbound Marketing eWaste Images Website Hiring/Firing Regulations Uograde Data storage Sync Books iOS Value Data Loss Smart Technology Managed IT Service Video Games Cameras OneDrive Amazon Adobe Document Management User Managed IT Services Data Breach Science Computer Fan Advertising Co-managed IT Virtual Desktop Legal Presentation Touchpad Mobile Device Bluetooth Licensing Best Available Managed Security Dark Web Wiring IT Technicians Ebay Scam Screen Mirroring Information Computing SharePoint Debate Employer Employee Relationship Cast Sports Windows 10s Operating Sysytem Teamwork Worker Commute Nanotechnology PDF Busines Continuity Networking Scalability Near Field Communication Files Hard Disk Drive Tablets Safety Root Cause Analysis Text Messaging Twitter Human Resources HBO How To IT consulting Chromecast Nokia best practices Upgrades Running Cable NFL Gift Giving Shadow IT Relocation Storage Microblogging Youtube Software as a Service IT service Sales Managed Service Provder Domains Webinar Google Docs Webinar Microsoft Excel Lifestyle IT solutions Taxes Mobile File Sharing Buisness Supercomputer Professional Services Electronic Medical Records Tutorial IT Budget Reputation