LastPass,Nikki Nova Archives the online service that keeps your passwords safe behind one master password, is currently not nearly as secure as it should be.
According to Google's vulnerability researcher Tavis Ormandy, there's at least one unpatched vulnerability in LastPass that allows attackers to steal passwords "from any domain."
SEE ALSO: Change this security setting on WhatsApp right nowOrmandy recently reported a few other LastPass bugs, including vulnerabilities in the LastPass add-ons for Firefox and Chrome.
I found another bug in LastPass 4.1.35 (unpatched), allows stealing passwords for any domain. Full report will be on the way shortly. pic.twitter.com/9VkV7R3vud
— Tavis Ormandy (@taviso) March 21, 2017
One security vulnerability, described in detail by Ormandy here, not only allows for an attacker to steal passwords, but -- in certain circumstances -- it can also be used to run arbitrary code on the victim's computer.
On Tuesday, LastPass announced that that particular issue has been resolved, but on Wednesday, the company acknowledged that there is an unpatched bug in its Firefox add-on.
The issue reported by Tavis Ormandy has been resolved. We will provide additional details on our blog soon.
— LastPass (@LastPass) March 21, 2017
We are aware of reports of a Firefox add-on vulnerability. Our security is investigating and working on issuing a fix.
— LastPass (@LastPass) March 22, 2017
Replying to a commenter to Tuesday's tweet, LastPass said that users needn't do anything at this point. However, the company still hasn't published anything on its official blog regarding these new security holes.
While no software is safe from security holes, vulnerabilities that affect password managers such as LastPass are particularly worrisome, as these services safeguard users' entire password collections. Especially when they come in droves, as they do these days.
This is not the first serious security issue LastPass has encountered. The service got hacked in 2011 and again in June 2015. And in 2013, a bug caused some users' Internet Explorer passwords to get exposed to the public.
UPDATE: March 22, 2017, 6:52 p.m. CET LastPass responded to our query by pointing us to their freshly published blog post, here. In the post, the company says it has worked with Ormandy to investigate and fix these vulnerabilities. The company claims it has fixed all issues now, and patches will be applied automatically for most users. According to LastPass, there is no indication that any of these vulnerabilities were exploited in the wild. The company vowed to provide a more comprehensive overview of these vulnerabilities, as well as its efforts to fix them and prevent further issues, in the future.
Topics Cybersecurity
Previous:Twilight of the Racist Uncles
The Bananas-Ass Ex-Friend
Linda Pastan Talks About Her New Collection, “Insomnia”
All Aboard: The MoonArk Project Is Taking Art to the Moon
Six Sweet Hours of Arabian Nights, and Other News by Dan Piepenbring
Hugh Hefner Was Always an Abusive Creep with Bad Taste in Leisure Wear
Roman Sewers: Innovative, Sure, But Filthy, Too
Cure Your Loneliness. Do the Twist.
Photography Incubabula: How Early Photographs Got in Books
The Arendt Center’s Dark Thinking
On the Isles of the Shoals with Celia Thaxter
The “Classical Liberal” Pivot
Lost Downtown: Peter Hujar’s Portraits from NYC in the ’70s
Pushing a Taxi Out of the Snow
Jean Debuffet’s Savage, Chaotic “Art Brut”
The Lying Game
Robert Frost’s Death Wish
The Bizarre Books of George Leonard Herter
Comfort TV: Notes on “The Great British Baking Show”
The Cambridge Analytica Con
Last Chance: Get a Free Copy of “The Unprofessionals”
'Star Wars' was born with a nuclear explosion, and other weird news from May 25, 1977Why Ariana Grande's music is so importantRocket Lab successfully launches rocket into space from New ZealandOh great, a super PAC is trying to convince Mark Zuckerberg to run for presidentClever antiThe animation secret behind Jon Stewart's now dead HBO showInside Amazon’s first New York City BookstoreThe luxury shopping list: 8 highWoman gets punched in the gut by Nissan car during anti'Wonder Woman' U.K. premiere canceled after Manchester tragedyOculus founder thinks this wild anime film is the likely future of AR1Password has a new tool for keeping your data safe at the borderThe king of Go is no longer a human'Star Wars' team remembers Carrie Fisher and we're cryingChina's richest tech companies could make serious cash off unicornsNew video shows a 'dummy' iPhone 8 in all its gloryThe luxury shopping list: 8 high'Game of Thrones' keeps rolling out Season 7 teasers and zero new footageThat massive plane that looks like a butt successfully flies now, so that's good newsApple launches App Development Curriculum for college Is Literature Dead? by David L. Ulin WGA strike 2023: Fans of 'Succession,' 'Yellowjackets' show their support Amazon Cyber Weekend TV deals 2023: Fire TVs, cheap QLEDs, and more Staff Picks: Documentaries, Snapshots, and Glossy Color Images by The Paris Review 35+ headphone deals from Amazon's Cyber Monday sale Redux: Writers at Play by The Paris Review Best Beats Cyber Monday headphones deals: save $50 on the Beats Fit Pro and more Writers’ Fridges: Walter Mosley What Our Contributors Are Reading This Summer Cyber Monday streaming deals on Hulu, Paramount+, and more Google honors Native American LGBTQ icon Barbara May Cameron with new Doodle Best early Cyber Monday Roomba deals at Amazon 2023 Seven Books I’ll Never Read 'Zelda' Pornhub searches skyrocket after game release Coyote Doggirl in “Nice to Be Alone” Early Cyber Monday deals at Best Buy: TVs, laptops, headphones, and more Father's Day memes to share on dad's big day: The funny and true jokes for your pops Cyber Monday 2023 laptop deals at Walmart: a $299 Lenovo Flex 5i just dropped Twitter's blue couch saga is dividing the timeline Tinder is removing social handles from bios
2.3346s , 10130.8125 kb
Copyright © 2025 Powered by 【Nikki Nova Archives】,Wisdom Convergence Information Network