Posted on 01/19/2016 6:51:35 PM PST by Utilizer
Popular credentials manager LastPass has taken steps to counter a "very simple" phishing attack that could see users' passwords, email addresses and two-factor authentication tokens stolen.
Researcher Sean Cassidy posted proof of a successful phishing attack using a faked LastPass notification in a web browser earlier this month, following a presentation at hacker conference Schmoocon.
By setting up a malicious website that displays notifications telling users their LastPass sessions have expired, Cassidy was able to create a page that lured people into entering their credentials for the password manager.
The researcher called the attack LostPass. A successful capture of user LastPass credentials would allow attackers full access to all login details stored in the password manager.
According to Cassidy, the attack works best on the popular Google Chrome web browser.
(Excerpt) Read more at itnews.com.au ...
Chrome users beware...
First mistake was using Chrome, a virus disguised as a browser.
Ahem.... the company I am at started using Lastpass these past few months.
Take a look at a program (open source software) called KeePass.
*laugh* Many would claim it was actually MS-Explorer, that started it all.
Me, I will stick to Opera, and Firefox if necessary, but some people use Chrome and like it so this is something that they might wish to take a look at.
First mistake was using Chrome, a virus disguised as a browser.
************************************************************
I agree with you.
What do you suggest and please don’t say Mozilla FireFox.
Sorry to disappoint you, but Firefox with appropriate plugins is best that I’ve seen.
Of course any fool can click on a phony website and infect themselves. Helps to have some good antivirus software too.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.