A dangerous LastPass security vulnerability allows attackers to gain remote access to user accounts.
Η υπηρεσία LastPass αποθηκεύει τους κωδικούς πρόσβασης του χρήστη σε μια “ασφαλή” περιοχή και όταν χρειαστεί αναγράφει αυτόματα τα διαπιστευτήρια για σας στις σελίδες που το απαιτούν. Το σύστημα χρησιμοποιεί encryption AES-256 bit με PBKDF2 SHA-256 και αλατισμένα (salted) hashes to protect the valuable data stored.
But according to well-known Google Project Zero security researcher Tavis Ormandy, the software contains “critical issues” that could put user accounts at risk.
On Tuesday, White Hat hacker revealed on Twitter that a quick look at LastPass security discovered "obvious" security issues.
So millions of users can be in danger until the problem is repaired. Of course, you understand that if an attacker can intercept a LastPass user account, it gives him access to a thesaurus with credentials for other online services.
Ormandy has announced zero-day and other critical critical security issues without giving technical details.
The same researcher has discovered critical problems in the software of major companies such as Symantec, Avast and many others.
Here we have to mention something we say very often: For passwords managers forget about online services. You store your data locally. They are more likely to violate a LastPass that attracts thousands of hackers because of its services rather than your computer.
Try the free app KeePass. It will store all your passwords locally with good encryption. The only thing you should remember is a gentleman code to open the application.