Security researcher Tavis Ormandy found a zero-day vulnerability affecting LastPass, a popular password vault, meaning millions of users may be at risk until the problem is patched. Security experts from Lieberman Software and AlienVault commented below:
“One thing that’s interesting about the LastPass zero-day hole is that it proves they are likely using a good dose of their own medicine. LastPass is about protecting credentials. Nearly every story you see hitting the headlines and bad guys breaking in these days involves some form of stolen credentials. If that was the issue at LastPass, then it would be very bad. However, a zero-day hole like this is something that pops up in nearly every piece of software eventually – especially one as widely used and distributed as LastPass. It only means they are not perfect, but really who is?”
Javvad Malik, Security Advocate at AlienVault:
“History has shown us that no software, not even password managers, is immune to security attacks. While the details of this particular bug are unknown, it does appear it requires a user to visit a malicious website in order to be executed. Part of the defenses includes users remaining vigilant and not clicking on unknown or suspect links as this could enable any number of exploits to be launched.
“Furthermore, monitoring password use, logins, and attempted change of details can serve as good early indicators that attempts have been made to compromise an account – so proactive action can be taken.”