The LastPass Disclosure of Leaked Password Vaults Is Being Torn Apart By Security Experts


News category: IT Security News
Source: it.slashdot.org

Last week, LastPass announced that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. "While the company insists that your login information is still secure, some cybersecurity experts are heavily criticizing its post, saying that it could make people feel more secure than they actually are and pointing out that this is just the latest in a series of incidents that make it hard to trust the password manager," reports The Verge. Here's an excerpt from the report:

LastPass' December 22nd statement was "full of omissions, half-truths and outright lies," reads a blog post from Wladimir Palant, a security researcher known for helping originally develop AdBlock Pro, among other things. Some of his criticisms deal with how the company has framed the incident and how transparent it's being; he accuses the company of trying to portray the August incident where LastPass says "some source code and technical information were stolen" as a separate breach when he says that in reality the company "failed to contain" the breach. He also highlights LastPass' admission that the leaked data included "the IP addresses from which customers were accessing the LastPass service," saying that could let the threat actor "create a complete movement profile" of customers if LastPass was logging every IP address you used with its service.

Another security researcher, Jeremi Gosney, wrote a long post on Mastodon explaining his recommendation to move to another password manager. "LastPass's claim of 'zero knowledge' is a bald-faced lie," he says, alleging that the company has "about as much knowledge as a password manager can possibly get away with." LastPass claims its "zero knowledge" architecture keeps users safe because the company never has access to your master password, which is the thing that hackers would need to unlock the stolen vaults. While Gosney doesn't dispute that particular point, he does say that the phrase is misleading. "I think most people envision their vault as a sort of encrypted database where the entire file is protected, but no -- with LastPass, your vault is a plaintext file and only a few select fields are encrypted."

Palant also notes that the encryption only does you any good if the hackers can't crack your master password, which is LastPass' main defense in its post: if you use its defaults for password length and strengthening and haven't reused it on another site, "it would take millions of years to guess your master password using generally-available password-cracking technology" wrote Karim Toubba, the company's CEO. "This prepares the ground for blaming the customers," writes Palant, saying that "LastPass should be aware that passwords will be decrypted for at least some of their customers. And they have a convenient explanation already: these customers clearly didn't follow their best practices." However, he also points out that LastPass hasn't necessarily enforced those standards. Despite the fact that it made 12-character passwords the default in 2018, Palant says, "I can log in with my eight-character password without any warnings or prompts to change it."
