Free Republic

LastPass mitigates creds-stealing phishing attack
iTnews ^ | Jan 20 2016 8:59AM (AUS) | Juha Saarinen

Posted on 01/19/2016 6:51:35 PM PST by Utilizer

Popular credentials manager LastPass has taken steps to counter a "very simple" phishing attack that could see users' passwords, email addresses and two-factor authentication tokens stolen.

Researcher Sean Cassidy posted proof of a successful phishing attack using a faked LastPass notification in a web browser earlier this month, following a presentation at hacker conference ShmooCon.

By setting up a malicious website that displays notifications telling users their LastPass sessions have expired, Cassidy was able to create a page that lured people into entering their credentials for the password manager.

The researcher called the attack LostPass. A successful capture of user LastPass credentials would allow attackers full access to all login details stored in the password manager.

According to Cassidy, the attack works best on the popular Google Chrome web browser.

(Excerpt) Read more at itnews.com.au ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: browsers; chrome; google; malware; passwords; passwordtheft; security
LastPass browser security password threat.

Chrome users beware...

1 posted on 01/19/2016 6:51:35 PM PST by Utilizer

To: Utilizer

First mistake was using Chrome, a virus disguised as a browser.


2 posted on 01/19/2016 8:21:27 PM PST by anymouse (God didn't write this sitcom we call life, he's just the critic.)

To: Utilizer

Ahem.... the company I am at started using Lastpass these past few months.


3 posted on 01/19/2016 8:23:41 PM PST by minnesota_bound

To: Utilizer

Take a look at a program (open source software) called KeePass.


4 posted on 01/19/2016 8:24:53 PM PST by r_barton ("Trump" word origin "Triumph" - Merriam-Webster Dictionary)

To: anymouse

*laugh* Many would claim it was actually MS-Explorer, that started it all.

Me, I will stick to Opera, and Firefox if necessary, but some people use Chrome and like it so this is something that they might wish to take a look at.


5 posted on 01/19/2016 8:26:16 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Utilizer

I've been using LastPass about seven years and love it. Last year I added two-factor authentication using a Yubikey for added security and peace of mind:


6 posted on 01/19/2016 9:29:38 PM PST by ProtectOurFreedom

To: anymouse

First mistake was using Chrome, a virus disguised as a browser.

************************************************************

I agree with you.

What do you suggest and please don’t say Mozilla FireFox.


7 posted on 01/20/2016 1:13:36 AM PST by Graybeard58 (Bill and Hillary Clinton are the penicillin-resistant syphilis of our political system.)

To: Graybeard58

Sorry to disappoint you, but Firefox with appropriate plugins is best that I’ve seen.
Of course any fool can click on a phony website and infect themselves. Helps to have some good antivirus software too.


8 posted on 01/20/2016 9:28:36 AM PST by anymouse (God didn't write this sitcom we call life, he's just the critic.)
