[Cryptography] LastPass Broken (and Fixed)
Kent Borg
kentborg at borg.org
Wed Jul 27 10:18:09 EDT 2016
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

I seem to remember saying something recently about how users are going
to be dismayed when these password managers start blowing up in their
faces...

It looks like an autofill browser feature in LastPass could be tricked
into autofilling all your passwords to a malicious web page.

Why would anyone sensible think such a tight integration with malicious
code could ever be secure? Okay, so this one has been fixed. This one...

There is no way to build a secure system if you don't pay attention to
the system boundaries. And a password manager that blends its boundaries
with every website you ever visit is asking for trouble. But it's
convenient, and convenience sells.

-kb, the Kent who is busily studying for a Google interview; so if you
want to hire him better move fast:
http://www.borg.org/~kentborg/kentborg-resume-long-2016-07-16.pdf