Get Support

Blog

Argentum IT LLC Blog

Argentum IT LLC has been serving the Louisville area since 2010, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x

Don’t Be the Last to Learn of this LastPass Vulnerability

Don’t Be the Last to Learn of this LastPass Vulnerability

One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.

Tavis Ormandy showed that LastPass’ browser extension can allow malicious websites to access the passwords stored within--even with LastPass’ considerable security measures. This vulnerability can be found in all extensions for major browsers, including browsers used by Windows, Linux, and potentially even Apple.

To make matters worse, the only requirements for this vulnerability to be exploited is that the extension needs to be installed. Any user who logs in or out could receive malicious code from the website that they are accessing.

Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem more in-depth, including recommendations as for what you should do to minimize your chances of being affected:

 

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Malicious links spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense.

You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it’s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it’s best to keep LastPass’ advice in mind as you go about your daily duties--for your own network’s sake.

To ensure your credentials are protected, and to schedule a full security audit, contact Argentum IT at (502) 473-6407. 

Tags:
Privacy Alert

About the author

Dean Lause

Dean Lause

Dean Lause is a technologist to the highest degree. When he was in middle school, he learned and developed small programs using BASIC programming code on his Commodore 64. He was one of the first to post to bulletin boards on the newly emerging “Internet” and built a mini-network in his home. He competed in his senior year of high school, placing 1st regionally, 2nd in State and 17th Nationally in computer specialist competitions. Today, he enjoys technology as much as he did then. In fact, he has a “Smart Home,” with connected devices controlled by A.I., mobile apps, and voice commands. When he is ready to go to sleep, all he needs to say is “Good night,” and Voila! all of the lights in the entire house turn off, the doors lock, the TV/DVR turn off, the house alarm is set and the alarm clock for the morning is ready to go! After a 4-year stint in the Army as a computer specialist, Dean spent the next 20 years in Fortune 500 Enterprise IT environments. He quickly building his IT skill set, becoming an expert in VMWare and Citrix and various other technologies. Dean served as the Director of Network Infrastructure & Security of North American Operations in his last role before joining Argentum IT and completing his MBA with a specialty in Accounting in 2011. Dean understands not only the technical side of how devices work together and integrate within an environment, but also understands and designs the environment from a business point of view for productivity. He strives to provide cost-savings, efficiency and practicality to solve the real issues that are present for each individual client he works with. Leveraging his 20+ years’ of enterprise-level experience, for the past ten years, Dean has consulted with numerous Fortune 500 companies across the country on issues relating to network infrastructure and security, Citrix XenDesktop, VMWare implementation and capacity planning, Office 365/Exchange Email Migrations as well as Mobile Device Management and Disaster Recovery Planning. He has also been engaged to develop and improve technology processes as well as accomplish technology projects on time and budget. Today, Dean uses all of these skills and more to aid small to medium-sized businesses to utilize technology to run their companies more profitably and efficiently. As Chief Technical Officer of Argentum IT, LLC for the past ten years, Dean has supervised a proactive service desk who educates clients on technology best practices, designed multiple infrastructure environments for clients (both big and small), to fit their needs and built a sizeable hosted infrastructure environment – including VMWare and Citrix “products”. Dean’s breadth of experience affords him a unique view of IT and business challenges, which allows him to help customize and develop unique solutions to solving IT and Cyber Security challenges.

Author's recent posts

More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 25 April 2024

Captcha Image

Customer Login

News & Updates

On A Mission To Simplify IT, Dean Lause Turned His Parents IT Struggles Into Inspiration And Became The Premier IT Solution For Small and Medium Sized Businesses in Louisville, Kentucky

Back in the 1980’s, despite owning one of the first home computers, the Tandy TRS-80, society found technology more of a hindrance than a help. But Dean loved technology and from an early age understood it could help.

Read More

Contact us

Learn more about what Argentum IT can do for your business.

Argentum IT
1141 S. 2nd Street
Louisville, Kentucky 40203

Copyright Argentum IT. All Rights Reserved.