Password Manager LastPass Patches 2 Major Bugs


LastPass on Wednesday pushed a software update to Firefox users following reports of security vulnerabilities.

Marketing manager Amber Gott pointed to a pair of unrelated bugs that left the LastPass Firefox browser extension open to attack.

On Tuesday, Google Security Team researcher Tavis Ormandy reported a message-hijacking bug targeting the LastPass Firefox add-on. If a hacker lured a LastPass user to a malicious website, he or she "could then execute LastPass actions in the background without the user's knowledge, such as deleting items."

The issue, which only affected Firefox users running LastPass 4.0 or later, was fixed by Wednesday.

The other bug, a URL-parsing flaw discovered by security researcher Mathias Karlsson, could be used to trick the password manager into sharing codes for specific sites. Someone on their way to Facebook, for example, might click a spoofed URL that steals their passwords before logging them into the real social network.

LastPass patched the exploit more than a year ago, and gave Karlsson a $1,000 bounty for his help.

"As always, we appreciate the work of the security community to challenge our product and ensure we deliver a secure service for our users," Gott said, thanking Karlsson and Ormandy, "and others in the security community," for their disclosures.

"We value their work that helps us build a stronger, more secure product," she added.

Despite LastPass's updates, users should follow some general best practices for online security. That includes remaining alert and steering clear of possible phishing attacks, using a different and unique password for every online account, and turning on two-factor authentication when possible.

The password manager also suggests creating a strong master code for LastPass, and running antivirus software on a regular basis.
