|
Title: LastPass fixes some browser-based impersonation weaknesses Post by: HCK on January 25, 2016, 03:00:21 pm LastPass fixes some browser-based impersonation weaknesses
<article> <section class="page"> <p> Sean Cassidy is a LastPass user and a security researcher. About a week ago, he posted a blog entry (https://www.seancassidy.me/lostpass.html) about something he realized in using LastPass: Because of its reliance on browser-based alerts and logins on the desktop, rather than using a separate interface or native app login, it was easy to spoof.</p><p> He’d sorted out the details months ago, but he writes that miscommunication and delays led to LastPass not fixing all the problems before he presented his work at ShmooCon (http://shmoocon.org), a security event, in mid-January. Since then, Last Pass has reworked remaining issues, provided a more thorough explanation to its users, and explained its future direction to better reduce this kind of spoofing attack.</p><p class="jumpTag"><a href="/article/3025487/security/lastpass-fixes-some-browser-based-impersonation-weaknesses.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article> Source: LastPass fixes some browser-based impersonation weaknesses (http://www.macworld.com/article/3025487/security/lastpass-fixes-some-browser-based-impersonation-weaknesses.html#tk.rss_all) |