LastPass is scrambling to fix another serious vulnerability

Page 1 of 2 12 LastLast
    LastPass is scrambling to fix another serious vulnerability

    LastPass is scrambling to fix another serious vulnerability


    Posted: 30 Mar 2017

    The flaw could allow for remote code execution or password theft.

    For the second time in two weeks developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware.
    LastPass is scrambling to fix another serious vulnerability | PCWorld
    Borg 386's Avatar Posted By: Borg 386
    30 Mar 2017


  1. Posts : 7,114
    Windows 10 Pro 64 bit
       #1

    Perhaps it's best never to store passwords on any IT system?
      My Computers


  2. Posts : 5,199
    Windows 11 Home
       #2

    Online password managers, the same, the same old.

    Tavis Ormandy on Twitter:
    Attached Thumbnails Attached Thumbnails LastPass is scrambling to fix another serious vulnerability-capture_03312017_092510.jpg  
      My Computer


  3. Posts : 328
    Windows 10 x64 v2004 OS Build 19041.804
       #3

    Tavis found the vulnerability and LastPass is working on fixing it; what is the problem? No security software is perfect and never will be. The argument for using LastPass has always been all of the other much more serious security problems it solves, eg weak passwords, users using the same password on multiple sites, users forgetting passwords and/or writing them down on sticky notes, etc.
      My Computer


  4. Posts : 87
    10 Pro
       #4

    I am a LastPass user, and this doesn't scare me at all. Tavis seems to have made improving LastPass a project of his - hopefully LastPass is compensating him for his efforts - and this will benefit LastPass users in the long run.

    In the mean time, Tech blogs will have fodder for their FUD stories following every tweet Tavis makes about LastPass, completely missing the point that it's security is actually being improved by this, and no one is exploiting any of these vulnerabilities.
      My Computer


  5. Posts : 2,068
    Windows 10 Pro
       #5

    Better to be scrutinized, and updated quickly. It's the fact that LastPass responds so quickly to resolve the issue that gives me peace about the whole situation.

    And in the latest case, it was demonstrated to LastPass what could be done. It's not an active exploit. Kudos to LastPass for jumping right in and fixing it.
      My Computers


  6. Posts : 25,680
    Windows 11 Pro 22621.160
       #6

    That is why I manage my own passwords.:)
      My Computer


  7. Posts : 2,068
    Windows 10 Pro
       #7

    Josey Wales said:
    That is why I manage my own passwords.:)
    Are you telling me that you use
    1. A different password for every site
    2. A password that is long enough and complex not to guess
    3. You can either memorize them all, or only need to access a local password database to get to them?


    I'm so inundated with passwords, for both work and home. I work on a variety of machines. It's become necessary to have my passwords available in all places I might be, so managing them on my own isn't great. Even if I put them on my phone, it would be ok until I lost my phone.

    Passwords are such a necessary evil today, but there will hopefully be a better way in the future.
      My Computers


  8. Posts : 25,680
    Windows 11 Pro 22621.160
       #8

    pparks1 said:
    Are you telling me that you use
    1. A different password for every site
    2. A password that is long enough and complex not to guess
    3. You can either memorize them all, or only need to access a local password database to get to them?


    I'm so inundated with passwords, for both work and home. I work on a variety of machines. It's become necessary to have my passwords available in all places I might be, so managing them on my own isn't great. Even if I put them on my phone, it would be ok until I lost my phone.

    Passwords are such a necessary evil today, but there will hopefully be a better way in the future.
    That is exactly what I am telling you. I have this application that is called random password generator it can create random passwords and store them off line. I am retired, I have one device and no smart phone.
      My Computer


  9. Posts : 7,257
    Windows 10 Pro 64-bit
       #9

    Lastpass can generate random passwords to your specification without even pressing a keystroke thereby avoiding keyloggers.
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:48.
Find Us




Windows 10 Forums