NotebookTalk

  • 2 weeks later...
On 12/25/2022 at 4:12 PM, Etern4l said:

And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

  • Thumb Up 3

Alienware M18X R2 | Nebula Red | i7 3740QM [OC'd to 4Ghz] | 32GB RAM | NVIDIA Quadro P4000 | 75hz OC'd Display |

MXM to NVMe Adapter with Samsung 970 Evo Plus 2TB

Alienware 17 R4 | i7 6700HQ | 16GB RAM | GTX 1070 | 100hz OC'd LG 1080p Display

Alienware M18X R1 | Space Black | i7 2960XM | 16GB RAM | GTX 780M

 

11 hours ago, Azther said:

And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

Absolutely best route to go! Especially for such a simple app, u don't need to take every shitty lil thing online these days, geez...

  • Thumb Up 2
  • Like 1

Mine: Hyperion "Titan God of Heat, Heavenly Light, Power" (2022)
AMD Ryzen 9 7950X / Asus ROG Crosshair X670E Extreme / MSI Geforce RTX 4090 Suprim X / G.Skill Trident Z5 RGB DDR5-6600 2x16 GB / Seagate Firecuda 530 4 TB / 2x Samsung 860 Evo 4 TB / Arctic Liquid Freezer II 420 / Seasonic TX-1600 W Titanium / Phanteks Enthoo Pro 2 TG / Samsung Odyssey Neo G8 32" UHD 240 Hz / Ducky One 3 Daybreak Fullsize Cherry MX Brown / Corsair M65 Ultra RGB

 

My Lady's: Clevo NH55JNNQ "Alfred" (2022)
Sharp LQ156M1JW03 FHD matte 15.6" IGZO 8 bit @248 Hz / Intel 12600 @ 4.4 - 4.8 Ghz / Nvidia 3070 Ti 8 GB GDDR6 / G.Skill 16 GB DDR4-3800 / Samsung 970 Pro 1 TB / Intel AX201 ax+BT / Win 11 Pro Phoenix Lite OS / 230 W PSU powered by Prema Mod!


18 hours ago, Azther said:

And people thought I was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad I decided to go the offline route.

 

7 hours ago, jaybee83 said:

Absolutely best route to go! Especially for such a simple app, u don't need to take every shitty lil thing online these days, geez...

 

Yep, I use no online keychain anything, even Apple. As much as I love my iPhone/iPad, I keep everything external and portable.

 

Keeping anything like this in a cloud-based service is just asking to be compromised. Once compromised, all your information is open for the taking.

 

 

  • Thumb Up 1
  • Like 1
  • Bump 1

Electrosoft Prime: 7800X3D | MSI x670e Carbon | MSI Suprim X Liquid 4090 | EVGA CLC 360mm AIO | SK Hynix 6000 M-Die 2x16GB | Samsung 980 1TB | EVGA 1600w P2 | Phanteks Ethroo Pro | Samsung G9 43" 4k mLED

Eurocom Raptor X15 | 12900k | Nvidia RTX 3070ti | 15.6" 1080p 240hz | Kingston 3200 32GB (2x16GB) | Samsung 980 Pro 1TB Heatsink Edition
Heath: i3-12100f | Asrock B660M Pro RS | Asus Strix 3080  | 32GB Klex 3600mhz  | WD Black SN850 512GB |  EVGA DG-77 | HP ZR30w 30" 2560x1600 IPS

MelMel: i5-12500 | Asus Prime B660 | Asus KO RTX 3070 | 32GB G.Skill 3333 |  512GB M.2 | Gamdias | Dell 25" 240hz 1080p

 

 


 


  • 1 month later...

Yep, LastPass plays Russian roulette with your security. On top of that, they want you to pay for it. What a great deal. They should offer their services for free the next one or two years for already paying customers. This if they still want their services.

 


 

The latest LastPass fail came from an employee’s home PC

A key component of the 2022 hack was an employee's home computer that was running vulnerable third-party software.

"The Killer"  ASUS ROG Z690 Apex | 13900K | 4090 HOF | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W) | Corsair Obsidian 1000D | Custom Loop | Asus ROG Strix XG27AQ 27" Monitors  

 

                                                 Papusan @ HWBOTTeam PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 


LastPass Employee Could've Prevented Hack With a Software Update pcmag.com

The hacker exploited a vulnerability in the Plex Media Server software that was patched in May 2020. 'The version that addressed this exploit was roughly 75 versions ago,' Plex says.

I didn't really understand just how bad LastPass's security practices were until reading this post on Mastodon from a Yahoo! security engineer.  It's a bit long and a bit technical, even as a professional developer with some interest in security, but he's not kidding when he says they committed essentially every crypto 101 sin.  Roll their own crypto... use outdated encraption rather than modern encryption... store the entire vault unencrypted in memory... tracking all the sites you log in to... I could go on (and the Yahoo! guy does), but it makes you wonder what they spent all their revenue on to have so many flaws.

 

Meanwhile, KeePass, which doesn't have a revenue model, has none of those flaws, and not just because it's offline but because it's designed with security in mind.  It sounds like 1Password and BitWarden are significantly better-designed as well.

 

Maybe LastPass was always just a service that had a good user interface and the idea of only having to know one password, but they never really did know anything/care about security?

 

Now the question is, will it do enough reputational/financial damage to make a difference?  Will the tech press stop recommending LastPass, or even call out "whatever you use, don't use LastPass?"  I'm skeptical.  It wasn't until I read the Yahoo! guy's post that I realized how bad the rot goes, so how's the average person going to realize it's a house of cards?  Though there is a class action lawsuit about it now, so that's something...

 

Edit: There's also a great breakdown by a Polish guy that's not as technical as the Yahoo! one but still does a great job of conveying why this is a big deal.  One of the takeaways is the longer you've been a LastPass user, the easier your database is to crack!  Not a good way to reward their customers!

  • Thumb Up 1

Desktop: Core i5 2500k "Sandy Bridge" | RX 480 | 32 GB DDR3 | 850 Evo + HDDs | Seasonic 650W | Noctua Fans | 8.1 Pro

Laptop: MSI Alpha 15 | Ryzen 5800H | Radeon 6600M | 16 GB DDR4 | 512 GB SSD | 10 Home

Laptop history: MSI GL63 (2018) | HP EliteBook 8740w (acq. 2014) | Dell Inspiron 1520 (2007)
