Teddy Rogers

LastPass Security Updates...

Teddy Rogers
Quote

In follow-up to recent news, we want to address in more detail two security reports that have been disclosed to our team. One report was disclosed yesterday, while the other report was responsibly reported and fixed over a year ago. Notably, both exploits do require tricking a user via a phishing attack into going to a malicious website.

The first report was responsibly disclosed to our team over a year ago by security researcher Mathias Karlsson, and fixed at that time. Karlsson recently posted his findings on the URL parsing bug. All browser clients were updated and Karlsson confirmed our fix at that time, requiring no action from our users.

The second report was made yesterday by Google Security Team researcher Tavis Ormandy, who contacted our team to report a message-hijacking bug that affected the LastPass Firefox addon. First, an attacker would need to successfully lure a LastPass user to a malicious website. Once there, Ormandy demonstrated that the website could then execute LastPass actions in the background without the user’s knowledge, such as deleting items. As noted below, this issue has been fully addressed and an update with a fix was pushed for all Firefox users using LastPass 4.0.

https://blog.lastpass.com/2016/07/lastpass-security-updates.html/

Ted.

  • Like 2

Loki

Tavis is a fornicating ninja.

That is all.

Teddy Rogers

Yes, he has been killing it of late with some of his disclosures. Certainly developing positive status creditability against his name.

Pleased to see LastPass being proactive once these security issues have been disclosed to them, patching and releasing updates promptly...

Ted.

  • Like 1

Loki

It's the fact that researchers spend months looking for bugs whereas he "has a glance and notices some obvious security issues".

Seems to be single-handedly funding Amnesty International too with his donations. Good on him.

  • Like 1
