More interesting developments....
Password manager report gets researcher booted from Bugcrowd - CyberScoop
I use LastPass and do question some of the info in that original article. The master password they say they captured from LastPass is 8 characters. LastPass requires 12 characters for the master password. Plus I use a Yubikey for 2FA, which I don't know if that affects the article's conclusions. Without the Yubikey you couldn't get into my LastPass if you had the user name and password. There are a couple more things I am curious about. At any rate I still contend you are much better off with a password manager than without one.
For example... maybe
LastPass warns users to exercise caution while it fixes 'major' vulnerability | Technology | The Guardian
Flaws in LastPass Password Manager Allowed Hackers to Steal Credentials
Critical security flaws found in LastPass on Chrome, Firefox (updated)
- seems to be a researcher 'hacking' it.. so could the researcher actually access personal details?
9 Popular Password Manager Apps Found Leaking Your Secrets
That depends... There aren't many password managers that actually scrub the memory, regardless of what the manual/FAQ states:
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
One could make an argument that, if someone can do a memory dump on your system without your knowledge, you already lost...
Why a memdmp?
Isn't that what Meltdown is all about?
Meltdown and Spectre
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.