LastPass fixes some browser-based impersonation weaknesses<article>
<section class="page">
<p>
Sean Cassidy is a LastPass user and a security researcher. About a week ago, he
posted a blog entry about something he realized in using LastPass: Because of its reliance on browser-based alerts and logins on the desktop, rather than using a separate interface or native app login, it was easy to spoof.</p><p>
He’d sorted out the details months ago, but he writes that miscommunication and delays led to LastPass not fixing all the problems before he presented his work at
ShmooCon, a security event, in mid-January. Since then, Last Pass has reworked remaining issues, provided a more thorough explanation to its users, and explained its future direction to better reduce this kind of spoofing attack.</p><p class="jumpTag"><a href="/article/3025487/security/lastpass-fixes-some-browser-based-impersonation-weaknesses.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>
Source:
LastPass fixes some browser-based impersonation weaknesses
