4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability


One of the major password managers out there, LastPass, has been found to contain a major vulnerability. Google researchers from Project Zero discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within--even with LastPass’ considerable security measures. This vulnerability can be found in the extensions for all major browsers, including browsers used on Windows, Linux, and potentially even Apple.

To make matters worse, the only requirement for this vulnerability to be exploited is that the extension be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem in more depth, including recommendations for what you should do to minimize your chances of being affected:

 

  • Launch websites from the LastPass vault: To retain the highest level of security possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links are spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, had this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties--for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact 4IT at 305-278-7100. 

 

Monday, 21 August 2017