NotebookTalk

Etern4l

  • 2 weeks later...
On 12/25/2022 at 4:12 PM, Etern4l said:

And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.


Alienware M18X R2 | Nebula Red | i7 3740QM [OC'd to 4Ghz] | 32GB RAM | NVIDIA Quadro P4000 | 75hz OC'd Display |

MXM to NVMe Adapter with Samsung 970 Evo Plus 2TB

Alienware 17 R4 | i7 6700HQ | 16GB RAM | GTX 1070 | 100hz OC'd LG 1080p Display

Alienware M18X R1 | Space Black | i7 2960XM | 16GB RAM | GTX 780M

 
11 hours ago, Azther said:

And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

Absolutely best route to go! Especially for such a simple app, u don't need to take every shitty lil thing online these days, geez...


Mine: Hyperion "Titan God of Heat, Heavenly Light, Power" (2022-24)
AMD Ryzen 9 7950X (TG High Perf. IHS) / Asus ROG Crosshair X670E Extreme / MSI Geforce RTX 4090 Suprim X / Teamgroup T-Force Delta RGB DDR5-8200 2x24 GB / Seagate Firecuda 530 4 TB / 5x Samsung 860 Evo 4 TB / Arctic Liquid Freezer II 420 (Push/Pull 6x Noctua NF-A14 IndustrialPPC-3000 intake) / Seasonic TX-1600 W Titanium / Phanteks Enthoo Pro 2 TG (3x Arctic P12 A-RGB intake / 4x Arctic P14 A-RGB exhaust / 1x Arctic P14 A-RGB RAM cooling) / Samsung Odyssey Neo G8 32" 4K 240 Hz / Ducky One 3 Daybreak Fullsize Cherry MX Brown / Corsair M65 Ultra RGB / PDP Afterglow Wave Black / Beyerdynamic DT 770 Pro X Limited Edition

 

My Lady's: Clevo NH55JNNQ "Alfred" (2022-24)
Sharp LQ156M1JW03 FHD matte 15.6" IGZO 8 bit @248 Hz / Intel Core i5 12600 / Nvidia Geforce RTX 3070 Ti / Mushkin Redline DDR4-3200 2x32 GB / Samsung 970 Pro 1 TB / Samsung 870 QVO 8 TB / Intel AX201 WIFI 6+BT 5.2 / Win 11 Pro Phoenix Lite OS / 230 W PSU powered by Prema Mod!

18 hours ago, Azther said:

And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

7 hours ago, jaybee83 said:

Absolutely best route to go! Especially for such a simple app, u don't need to take every shitty lil thing online these days, geez...

Yep, I use no online keychain anything, even Apple. As much as I love my iPhone/iPad, I keep everything external and portable.

Keeping anything like this in a cloud-based service is just asking to be compromised. Once compromised, all your information is open for the taking.

 

 


Electrosoft Prime: SP109 14900KS  | Asrock Z790i Lightning  | MSI Suprim X Liquid 4090 | AC LF II 420 | TG 2x16GB 8200 | Samsung 990 Pro 2TB | EVGA 1600w P2 | Phanteks Ethroo Pro | Alienware AW3225QF 32" OLED
Heath: i9-12900k | EVGA CLC 280 | Asus Strix Z690 D4 | Asus Strix 3080 | 32GB DDR4 2x16GB B-Die 4000  | WD Black SN850 512GB |  EVGA DG-77 | Samsung G7 32" 144hz 32"


  • 1 month later...

Yep, LastPass plays Russian roulette with your security. On top of that, they want you to pay for it. What a great deal. They should offer their services for free for the next one or two years to already-paying customers. That is, if they still want their services.

 


 

The latest LastPass fail came from an employee’s home PC

A key component of the 2022 hack was an employee's home computer that was running vulnerable third-party software.

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOTTeam PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 


LastPass Employee Could've Prevented Hack With a Software Update pcmag.com

The hacker exploited a vulnerability in the Plex Media Server software that was patched in May 2020. 'The version that addressed this exploit was roughly 75 versions ago,' Plex says.

Papusan @ HWBOTTeam PremaMod @ HWBOT | Papusan @ YouTube Channel


I didn't really understand just how bad LastPass's security practices were until reading this post on Mastodon from a Yahoo! security engineer.  It's a bit long and a bit technical, even as a professional developer with some interest in security, but he's not kidding when he says they committed essentially every crypto 101 sin.  Roll their own crypto... use outdated encraption rather than modern encryption... store the entire vault unencrypted in memory... tracking all the sites you log in to... I could go on (and the Yahoo! guy does), but it makes you wonder what they spent all their revenue on to have so many flaws.

 

Meanwhile, KeePass, which doesn't have a revenue model, has none of those flaws, and not just because it's offline but because it's designed with security in mind.  It sounds like 1Password and BitWarden are significantly better-designed as well.

 

Maybe LastPass was always just a service that had a good user interface and the idea of only having to know one password, but they never really did know anything/care about security?

 

Now the question is, will it do enough reputational/financial damage to make a difference?  Will the tech press stop recommending LastPass, or even call out "whatever you use, don't use LastPass?"  I'm skeptical.  It wasn't until I read the Yahoo! guy's post that I realized how bad the rot goes, so how's the average person going to realize it's a house of cards?  Though there is a class action lawsuit about it now, so that's something...

 

Edit: There's also a great breakdown by a Polish guy that's not as technical as the Yahoo! one but still does a great job of conveying why this is a big deal.  One of the takeaways is the longer you've been a LastPass user, the easier your database is to crack!  Not a good way to reward their customers!


Desktop: Core i5 2500k "Sandy Bridge" | RX 480 | 32 GB DDR3 | 1 TB 850 Evo + 512 GB NVME + HDDs | Seasonic 650W | Noctua Fans | 8.1 Pro

Laptop: MSI Alpha 15 | Ryzen 5800H | Radeon 6600M | 64 GB DDR4 | 4 TB TLC SSD | 10 Home

Laptop history: MSI GL63 (2018) | HP EliteBook 8740w (acq. 2014) | Dell Inspiron 1520 (2007)


  • 6 months later...

And it continues.....

 

 

If you’re a LastPass user, be on guard for phishing emails in your inbox. Hackers are launching waves of malicious messages impersonating the password manager

 

LastPass this week warned users about the threat, saying the first wave of phishing emails began on Sept. 13. “Our customers began reporting a pervasive and convincing phishing campaign. The campaign had global reach and targeted a variety of sectors, including 87 of our own employees,” the company wrote in a blog post.

Papusan @ HWBOTTeam PremaMod @ HWBOT | Papusan @ YouTube Channel