Etern4l
Posted December 25, 2022

LastPass users: Your info and password vault data are now in hackers’ hands

"We're rushing towards a cliff, but the closer we get, the more scenic the views are."
AI: Major Emerging Existential Threat To Humanity
I like you, I just don't like "Likes"

Azther
Posted January 3

> On 12/25/2022 at 4:12 PM, Etern4l said:
> LastPass users: Your info and password vault data are now in hackers’ hands

And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

Alienware M18X R2 | Nebula Red | i7 3740QM [OC'd to 4Ghz] | 32GB RAM | NVIDIA Quadro P4000 | 75hz OC'd Display | MXM to NVMe Adapter with Samsung 970 Evo Plus 2TB
Alienware 17 R4 | i7 6700HQ | 16GB RAM | GTX 1070 | 100hz OC'd LG 1080p Display
Alienware M18X R1 | Space Black | i7 2960XM | 16GB RAM | GTX 780M

jaybee83
Posted January 3

> 11 hours ago, Azther said:
> And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

absolutely best route to go! especially for such a simple app, u don't need to take every shitty lil thing online these days, geez...

Mine: Hyperion "Titan God of Heat, Heavenly Light, Power" (2022) AMD Ryzen 9 7950X / Asus ROG Crosshair X670E Extreme / MSI Geforce RTX 4090 Suprim X / G.Skill Trident Z5 RGB DDR5-6600 2x16 GB / Seagate Firecuda 530 4 TB / 2x Samsung 860 Evo 4 TB / Arctic Liquid Freezer II 420 / Seasonic TX-1600 W Titanium / Phanteks Enthoo Pro 2 TG / Samsung Odyssey Neo G8 32" UHD 240 Hz / Ducky One 3 Daybreak Fullsize Cherry MX Brown / Corsair M65 Ultra RGB
My Lady's: Clevo NH55JNNQ "Alfred" (2022) Sharp LQ156M1JW03 FHD matte 15.6" IGZO 8 bit @248 Hz / Intel 12600 @ 4.4 - 4.8 Ghz / Nvidia 3070 Ti 8 GB GDDR6 / G.Skill 16 GB DDR4-3800 / Samsung 970 Pro 1 TB / Intel AX201 ax+BT / Win 11 Pro Phoenix Lite OS / 230 W PSU powered by Prema Mod!

electrosoft
Posted January 3

> 18 hours ago, Azther said:
> And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

> 7 hours ago, jaybee83 said:
> absolutely best route to go! especially for such a simple app, u don't need to take every shitty lil thing online these days, geez...

Yep, I use no online keychain anything even Apple. As much as I love my iphone/ipad, I keep everything external and portable. Keeping anything like this in a cloud based service is just asking to be compromised. Once compromised, all your information is open for the taking.

Electrosoft Prime: 7800X3D | MSI x670e Carbon | MSI Suprim X Liquid 4090 | EVGA CLC 360mm AIO | SK Hynix 6000 M-Die 2x16GB | Samsung 980 1TB | EVGA 1600w P2 | Phanteks Ethroo Pro | Samsung G9 43" 4k mLED
Eurocom Raptor X15 | 12900k | Nvidia RTX 3070ti | 15.6" 1080p 240hz | Kingston 3200 32GB (2x16GB) | Samsung 980 Pro 1TB Heatsink Edition
Heath: i3-12100f | Asrock B660M Pro RS | Asus Strix 3080 | 32GB Klex 3600mhz | WD Black SN850 512GB | EVGA DG-77 | HP ZR30w 30" 2560x1600 IPS
MelMel: i5-12500 | Asus Prime B660 | Asus KO RTX 3070 | 32GB G.Skill 3333 | 512GB M.2 | Gamdias | Dell 25" 240hz 1080p

Papusan
Posted March 1

Yep, LastPass plays Russian roulette with your security. On top of that they want you to pay for it. What a great deal. They should offer their services for free the next one or two years for already paying customers. This if they still want their services.

The latest LastPass fail came from an employee’s home PC
A key component of the 2022 hack was an employee's home computer that was running vulnerable third-party software.

"The Killer" ASUS ROG Z690 Apex | 13900K | 4090 HOF | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W) | Corsair Obsidian 1000D | Custom Loop | Asus ROG Strix XG27AQ 27" Monitors
Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

Papusan
Posted March 5

LastPass Employee Could've Prevented Hack With a Software Update
pcmag.com
The hacker exploited a vulnerability in the Plex Media Server software that was patched in May 2020. 'The version that addressed this exploit was roughly 75 versions ago,' Plex says.

Sandy Bridge
Posted March 9

I didn't really understand just how bad LastPass's security practices were until reading this post on Mastodon from a Yahoo! security engineer. It's a bit long and a bit technical, even as a professional developer with some interest in security, but he's not kidding when he says they committed essentially every crypto 101 sin. Roll their own crypto... use outdated encraption rather than modern encryption... store the entire vault unencrypted in memory... tracking all the sites you log in to... I could go on (and the Yahoo! guy does), but it makes you wonder what they spent all their revenue on to have so many flaws.

Meanwhile, KeePass, which doesn't have a revenue model, has none of those flaws, and not just because it's offline but because it's designed with security in mind. It sounds like 1Password and BitWarden are significantly better-designed as well. Maybe LastPass was always just a service that had a good user interface and the idea of only having to know one password, but they never really did know anything/care about security?

Now the question is, will it do enough reputational/financial damage to make a difference? Will the tech press stop recommending LastPass, or even call out "whatever you use, don't use LastPass?" I'm skeptical. It wasn't until I read the Yahoo! guy's post that I realized how bad the rot goes, so how's the average person going to realize it's a house of cards? Though there is a class action lawsuit about it now, so that's something...

Edit: There's also a great breakdown by a Polish guy that's not as technical as the Yahoo! one but still does a great job of conveying why this is a big deal. One of the takeaways is the longer you've been a LastPass user, the easier your database is to crack! Not a good way to reward their customers!

Desktop: Core i5 2500k "Sandy Bridge" | RX 480 | 32 GB DDR3 | 850 Evo + HDDs | Seasonic 650W | Noctua Fans | 8.1 Pro
Laptop: MSI Alpha 15 | Ryzen 5800H | Radeon 6600M | 16 GB DDR4 | 512 GB SSD | 10 Home
Laptop history: MSI GL63 (2018) | HP EliteBook 8740w (acq. 2014) | Dell Inspiron 1520 (2007)