![]() We all benefit when this security model works for responsibly disclosing bugs, and are confident LastPass is stronger for the attention.”ĭespite the existence of bugs in products like LastPass, most information security experts recommend using a password manager. A week earlier, LastPass issued a fix for a pair of issues the security researcher reported, saying: “We greatly value the work that Tavis, Project Zero and other white-hat researchers provide. Ormandy has been focusing research efforts on LastPass for some time now, as part of his work with Google’s Project Zero, a wing of the company devoted to finding and reporting security flaws in other company’s products. ![]() It detailed three steps users could take to keep themselves safe: launch sites directly from the LastPass Vault use two-factor authentication and beware of phishing attacks. So you can expect a more detailed post-mortem once this work is complete.” We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. ![]() This attack is unique and highly sophisticated. In a warning to users, the password manager firm wrote: “We are now actively addressing the vulnerability.
0 Comments
Leave a Reply. |