NSN Management Blog

NSN Management has been serving the Bixby area since 2012, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be the Last to Learn of this LastPass Vulnerability

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within--even with LastPass’ considerable security measures. This vulnerability can be found in all extensions for major browsers, including browsers used by Windows, Linux, and potentially even Apple.

To make matters worse, the only requirements for this vulnerability to be exploited is that the extension needs to be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem more in-depth, including recommendations as for what you should do to minimize your chances of being affected:

 

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties--for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact NSN Management at 918-770-7400. 

e-max.it: your social media marketing partner
Tip of the Week: 3 Ways for Your Business to Take ...
9 Types of Hackers You Need to Know About
 

Comments 1

MarSpiro on Saturday, 17 June 2017 01:20

Thanks for posting it here. I really enjoyed reading it. I think it will be helpful for those student who just began college life. Perfect way to have more information about this good topic is to get help from custom essay writing service reviews.

Thanks for posting it here. I really enjoyed reading it. I think it will be helpful for those student who just began college life. Perfect way to have more information about this good topic is to get help from [url=https://essayreviewratings.com/innovative-trends-to-drive-the-future-of-writing-world.html]custom essay writing service reviews[/url].
Already Registered? Login Here
Guest
Friday, 25 May 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Privacy Best Practices Business Computing Internet Cloud Hardware Malware Hackers Computer Hosted Solutions Business Management Windows Innovation Google Microsoft Windows 10 Backup Small Business Productivity Smartphone Operating System Saving Money Android Browser Hacking Alert Cybercrime Upgrade Information Technology Email Ransomware Server Miscellaneous VoIP Gadgets Telephone Systems User Tips Social Computers Apps Law Enforcement Best Practice Save Money communications Software Quick Tips Gmail Password Business iPhone Google Drive BDR Managed IT Services WiFi Virtualization Health Data DDoS IT Support Files Search Administrator Unified Threat Management Network Security The Internet of Things Social Engineering History Wireless Technology Money Access Upgrades Applications Private Cloud Automation Consultant Safety Laptop Telephony Productivity Government Mobile Devices Facebook Transportation Emergency Communication Touchpad Uninterrupted Power Supply Unsupported Software Going Green Trending Humor Internet of Things Reputation Robot Business Continuity Passwords Employer-Employee Relationship Budget Disaster Recovery VPN Recovery Operating Sysytem Disaster Streaming Media Hosted Solution Remote Computing Tech Support Update Wireless Avoiding Downtime Data Management Cybersecurity Chromecast Lithium-ion battery Chrome Data storage Internet Exlporer Sports Cost Management USB Office tips Shortcut Samsung Politics Virtual Reality Identity Theft Artificial Intelligence Hiring/Firing Training Experience Books Encryption Worker Commute Benefits Company Culture Phone System Video Games Electronic Medical Records Instant Messaging Work/Life Balance Router Smart Technology Computer Care Music Legal End of Support Users Efficiency Microsoft Office Mobility Managed Service Provider Analytics Flexibility Social Media Managing Stress Risk Management Office Big Data Scalability Advertising Cleaning Education Wi-Fi HaaS Scam Cloud Computing How To Smartphones Worker Application Workplace Tips Personal Information Employer Employee Relationship Television Current Events Save Time Marketing Battery Antivirus Mobile Computing Computer Accessories Mobile Device Office 365 PDF Hacker Point of Sale Holiday Outsourced IT Black Market Relocation Text Messaging Keyboard Automobile Vendor Management Entertainment IT Services

Latest Blog Entry

Entrepreneurs enjoy an almost mythical standing in the business world as visionary leaders risking everything on an idea that, if successful, pays off in a big way. Yet, few understand the role of the intrapreneur; those who have equally big ideas, but operate in the context...

Latest News

NSN Management launches new website!

NSN Management is proud to announce the launch of our new website at www.nsnmanagement.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

Read more ...