LastPass doesn’t keep any customer data in its development environment. This is a good cybersecurity practice because it prevents an attack on the development network (where things are inevitably in an ongoing state of change and experimentation) from turning into an immediate compromise of the official software that’s directly available to customers and the rest of the business.

LastPass keeps its development and production networks physically separate.

The attacker “utilised their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.” We assume this means that the hacker never needed to acquire the victim’s password or 2FA code, but simply used a cookie-stealing attack, or extracted the developer’s authentication token from genuine network traffic (or from the RAM of the victim’s computer) in order to piggy-back on the programmer’s usual access.

Hats off to LastPass for admitting to what amounts to a “known unknown”. Many potential attack vectors spring to mind, including: unpatched local software, “shadow IT” leading to an insecure local configuration, a phishing click-through blunder, unsafe downloading habits, treachery in the source code supply chain relied on by the coder concerned, or a booby-trapped email attachment opened in error. That’s disappointing, because knowing how your last attack was actually carried out makes it easier to reassure customers that your revised prevention, detection and response procedures are likely to block it next time.
The trick used to implant the malware couldn’t be determined.

The attacker “gained access to the development environment using a developer’s compromised endpoint.” We’re assuming this was down to the attacker implanting system-snooping malware on a programmer’s computer.

I am moving my account elsewhere.

The boldface sentences below provide an outline of what LastPass is saying:

Which I suppose is fair enough, but I assume that if I'm having these problems, others must too. When I raised one of the issues with their customer support, they told me I wasn't entitled to support as a free customer. There isn't an option to say "don't ever ask to save the password", so I have to choose "Not now" every time I log in to my bank account where I don't want my password saving. I had to delete the LastPass password for that site as it wouldn't work otherwise. In one app where I am the administrator and add new users, it kept overwriting the username I put in for mine and wouldn't let me change it. It wouldn't let me choose a different email address and password on one site and kept defaulting to one. It also wants to fill in fields that aren't password fields and that is really irritating. Such as the three dots that appear in the box in which you are typing which overwrites the show password option which sometimes you want. Generally, LastPass is pretty good, but it has some features which are annoying.

LastPass has some annoying 'features' that make it difficult to use