Some of Our Sources
- TutsPlus - Code
- The Logo Smith
- Abduzeedo
- Vandelay Design
- Creative Curio
- Line 25
- 24 Ways
- Wal You
- CSS Tricks
- Design Modo
Help Webnuz
Referal links:
July 27, 2016 04:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MmCOCaF7Tx0/lastpass-accounts-can-be-completely-compromised-when-users-visit-sites
LastPass Accounts Can Be 'Completely Compromised' When Users Visit Sites
Reader mask.of.sanity writes: A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which can completely compromise user accounts when users visit malicious websites. The flaw is today being reported to LastPass by established Google Project zero hacker Tavis Ormandy who says he has found other "obvious critical problems". Interestingly, Mathias Karlsson, a security researcher has also independently found flaws in LastPass. In a blog post, he wrote that he was able to trick LastPass into believing he was on the real Twiter website and cough up the users' credentials of a bug in the LastPass password manager's autofill functionality. LastPass has fixed the bug, but Karlsson advises users to disable autofill functionality and use multi-factor authentication. At this point, it's not clear whether Ormandy is also talking about the same vulnerability.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MmCOCaF7Tx0/lastpass-accounts-can-be-completely-compromised-when-users-visit-sites
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot