Blog
customer center

410.616.2000

rss Google Plus linkedin twitter facebook

Ready to Eliminate IT Stress?


computers

Next Level Technology Blog

Next Level Technology has been serving the Hunt Valley area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within--even with LastPass’ considerable security measures. This vulnerability can be found in all extensions for major browsers, including browsers used by Windows, Linux, and potentially even Apple.

To make matters worse, the only requirements for this vulnerability to be exploited is that the extension needs to be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem more in-depth, including recommendations as for what you should do to minimize your chances of being affected:

 

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties--for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact Next Level Technology at 410-616-2070. 

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 20 July 2017
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

The Next Level Technology Way

  • Expert Team of IT Specialists
  • Best IT Tools - optimized
  • Support Process provides outstanding service

Mobile? Grab this Article!

Qr Code

Download Our Free Managed IT eBook

free whitepaper image

Learn 10 distinct benefits Maryland Small Businesses gain from taking a managed approach to their IT.

Proudly Serving These Areas

Anne Arundel County: Annapolis, Crofton, Edgewater, Glen Burnie, Highland Beach, Jessup, Linthicum, Odenton, Parole, Pasadena, Severn, Severna Park, and more

Baltimore County: Baltimore City, Catonsville, Cockeysville, Dundalk, Essex, Gwynn Oak, Hunt Valley, Owings Mills, Pikesville, Randallstown, Towson, White Marsh

Carroll County: Eldersburg, Finksburg, Hampstead, Marriottsville, Westminster, and more

Harford County: Bel Air, Edgewood, Havre de Grace, Joppa, and more

Howard County: Clarksville, Columbia, Elkridge, Ellicott City, Hanover, Laurel, Lisbon, and more