LastPass hacked.

06-15-2015 , 07:56 PM
http://arstechnica.com/security/2015...ter-passwords/

https://blog.lastpass.com/2015/06/la...y-notice.html/

Pretty bad stuff.

I don't have experience with LastPass, but it's been mentioned here a few times before. Ars Technica recommends changing the master password and enabling two-factor auth.
06-16-2015 , 02:16 AM
I am sitting here safely on my keepass db
Come and hack moi
06-16-2015 , 12:31 PM
Quote:
Originally Posted by Gabethebabe
Come and hack moi
Gabethebabe,

Is this a challenge and explicit permission? Cheers!
06-16-2015 , 12:44 PM
And this is why I dislike such things as LastPass...
06-16-2015 , 01:44 PM
Quote:
Originally Posted by Gabethebabe
I am sitting here safely on my keepass db
Come and hack moi
06-16-2015 , 03:10 PM
Quote:
Originally Posted by Gabethebabe
I am sitting here safely on my keepass db
Come and hack moi
https://news.ycombinator.com/item?id=9727297

06-16-2015 , 03:47 PM
Quote:
Originally Posted by Low Key
loooooooooool

So the attack scenario is that Evil can modify your KeePass DB, can somehow track if your master PW still works after each of his modification, and modify it enough times to get data for the error oracle. But he can't grab your PW for some reason.

There are scenarios where AE is needed or useful. But the offline database of a PW manager isn't one of them.
06-16-2015 , 03:48 PM
Man... I don't know what the **** you just said, Little Kid, but you're special man, you reached out, and you touch a brother's heart.
06-16-2015 , 04:05 PM
Quote:
Originally Posted by Low Key
Man... I don't know what the **** you just said, Little Kid, but you're special man, you reached out, and you touch a brother's heart.
Well I didn't use more acronyms than the OP in your link.

Authenticated encryption (AE) makes sense when the executable code is better protected from alterations than the data. For example, you could create a system where executable code can only be changed after inserting a (real-life) key, but the encrypted data (here the stored passwords) can be changed without a key. In such a scenario you want the application to detect changes to the encrypted data. This prevents clever attacks (error oracle).

But on a normal computer that doesn't matter, because when somebody can alter your password database, he can also alter the code of your password manager.
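The change detection that the post above attributes to authenticated encryption, as an added example that is not part of the thread and is not KeePass or LastPass code. The storage layout, the function names and the SHA-256 counter keystream (a stand-in for a real cipher) are assumptions made for illustration; the construction shown is encrypt-then-MAC with HMAC-SHA256.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # Toy SHA-256 counter keystream standing in for a real cipher (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def derive_keys(master_password, salt):
    # Separate encryption and MAC keys derived from one master password.
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]

def seal(master_password, plaintext):
    # Assumed layout: salt(16) | nonce(16) | ciphertext | HMAC-SHA256 tag(32)
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    body = salt + nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_unauthenticated(master_password, blob):
    # Decrypts whatever is on disk; the tag is ignored.
    salt, nonce, ct = blob[:16], blob[16:32], blob[32:-32]
    enc_key, _ = derive_keys(master_password, salt)
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def open_authenticated(master_password, blob):
    # Verify the tag over salt, nonce and ciphertext before decrypting anything.
    body, tag = blob[:-32], blob[-32:]
    _, mac_key = derive_keys(master_password, body[:16])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("database modified or wrong master password")
    return open_unauthenticated(master_password, blob)

def flip(blob, offset, mask):
    # Simulates a change to the stored file made without knowing the password.
    i = 32 + offset
    return blob[:i] + bytes([blob[i] ^ mask]) + blob[i + 1:]
```

Without the tag check, a modified file still opens and yields altered plaintext with no error; with it, the same file is refused before any decryption happens.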
06-16-2015 , 04:55 PM
Rule No.1, what can be hacked, will be hacked.

Clouds are just so convenient, instead of putting work into the passwords of one user, you can just do all of them at once.
06-17-2015 , 06:02 AM
This is a total non-event.
06-17-2015 , 06:58 AM
Quote:
Originally Posted by Bulrathi
This is a total non-event.
I disagree. A minor event, due to the cryptography in use at LastPass, yes - but not a non-event.

People should still consider changing their master password, imo.
06-17-2015 , 01:30 PM
Quote:
Originally Posted by catsec
Gabethebabe,

Is this a challenge and explicit permission? Cheers!


If you come at the Emperor, you better not miss
06-21-2015 , 03:58 PM
Serious OS X and iOS flaws let hackers steal keychain, 1Password contents

For those who took the 1Password advice from the keepass link.
06-21-2015 , 07:01 PM
Quote:
Originally Posted by MarcoSilva92
And this is why I dislike such things as LastPass...
+1
06-27-2015 , 08:18 AM
This is why there is keepass and nothing else. What can't be hacked won't be hacked.
06-27-2015 , 10:58 AM
Anyone read that article about how Windows X is trying to handle passwords? Seems an appropriate place for that sort of discussion.
06-27-2015 , 11:50 AM
I've been using LastPass for about a year now (used to be on Keepass earlier). I'm not worried after hearing this.

If you're going to use a cloud based service, just have 2-factor auth activated and memorize a randomly generated master password. It's not rocket science.
06-29-2015 , 05:46 AM
Quote:
Originally Posted by astrobeaver
I've been using LastPass for about a year now (used to be on Keepass earlier). I'm not worried after hearing this.

If you're going to use a cloud based service, just have 2-factor auth activated and memorize a diceware (http://world.std.com/~reinhold/diceware.html) master password. It's not rocket science.
FYP
06-30-2015 , 01:49 PM
Another week another weakness. An SQLi for Password Manager Pro 8.1 was sent via fulldisclosure today.
07-09-2015 , 02:49 AM
Quote:
Originally Posted by Gabethebabe


If you come at the Emperor, you better not miss


07-11-2015 , 03:33 PM
Gabe, or anyone else who knows... I read the "What is KeePass?" on the official site, but I'm unsure if and/or how it integrates into Internet Explorer, or is it just a manager?
07-12-2015 , 09:27 AM
For Chrome and FF at least there is keepasshttp and a browser plugin: http://www.ashout.com/chromeipass-in...s-with-chrome/
07-12-2015 , 12:40 PM
Why would browser integration be necessary?

Just hit the shortcut key and the password gets typed in your browser
07-12-2015 , 01:03 PM
It's not necessary, I was just thinking about auto-fill and how IE is a perfectly capable browser but lacks quality password management.

edit: thanks for the reply, might check it out