A dangerous vulnerability in better safety of LastPass allows attackers to gain remote access to user accounts.
Η service LastPass αποθηκεύει τους codeς πρόσβασης του χρήστη σε μια “ασφαλή” περιοχή και όταν χρειαστεί αναγράφει αυτόματα τα διαπιστευτήρια για σας στις σελίδες που το απαιτούν. Το σύστημα χρησιμοποιεί encryption AES-256 bit with PBKDF2 SHA-256 and salted hashes to protect valuable data stored.
But according to well-known Google Project Zero security researcher Tavis Ormandy, the software contains “critical problems”, which could put user accounts at risk.
On Tuesday, the White Hat hacker revealed on Twitter that a quick look at LastPass security revealed "obvious" security problems.
So millions of users can be in danger until the problem is repaired. Of course, you understand that if an attacker can intercept a LastPass user account, it gives him access to a thesaurus with credentials for other online services.
Ormandy has announced zero-day and other critical critical security issues without giving technical details.
The same researcher has discovered critical problems in the software of major companies such as Symantec, Avast and many others.
Here we have to mention something we say very often: For passwords managers forget about online services. You store your data locally. They are more likely to violate a LastPass that attracts thousands of hackers because of its services rather than your computer.
Try the free app KeePass. It will store all of your passwords locally with satisfactory encryption. All you have to remember is a master code for opening the application.