A dangerous vulnerability in better safety of LastPass allows attackers to gain remote access to user accounts.
Η service LastPass αποθηκεύει τους κωδικούς πρόσβασης του χρήστη σε μια “ασφαλή” περιοχή και όταν χρειαστεί αναγράφει αυτόματα τα διαπιστευτήρια για σας στις σελίδες που το απαιτούν. Το σύστημα χρησιμοποιεί κρυπτογράφηση AES-256 bit με PBKDF2 SHA-256 και αλατισμένα (salted) hashes για να προστατεύει τα πολύτιμα δεδομένα που είναι αποθηκευμένα.
But according to well-known security researcher Google Project Zero Tavis Ormandy, the software contains "critical problems" that could put users' accounts at risk.
On Tuesday, the White Hat hacker revealed on Twitter that a quick look at LastPass security revealed "obvious" security problems.
So millions of users may be at risk until the problem is fixed. Of course you understand that if an attacker can hijack a LastPass user account, it gives them access to a treasure trove of credentials for other online services.
Ormandy announced the zero-day and other critical safety issues without giving technical details.
The same researcher has discovered critical problems in the software of major companies such as Symantec, Avast and many others.
Here we have to mention something we say very often: For passwords managers forget about online services. You store your data locally. They are more likely to violate a LastPass that attracts thousands of hackers because of its services rather than your computer.
Try the free app KeePass. It will store all of your passwords locally with satisfactory encryption. All you have to remember is a master code for opening the application.