
[BETANEWS]LastPass has serious flaw called 'LostPass' -- your passwords and more are at risk - Page 13  

post #121 of 144
Quote:
Originally Posted by DuckieHo View Post

A great example is Mat Honan hack: http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

I remember seeing that video. In Sec+ class in military tech school they showed us that and several other things like rogue wifi, etc. last year.

One major reason I never use the same password on any darn thing or the facebook/google sign on for other sites. Plus have 15-20+ length passwords.
     
post #122 of 144
You can easily spot the people that have never had any experience with network or computer security. Writing down your passwords is the dumbest thing you can do. Ever. Massive security violation right there.
post #123 of 144
If you are a last pass user and you find out they managed to actually hack Last Pass itself and used your info in a way that ended up causing financial problems or identity theft, does Last Pass have some sort of policy about what they do in that scenario? Like are you "insured" in a way? Or how would they keep themselves from being sued?
post #124 of 144
As soon as I get my server set up I am going to create my own python program that writes passwords to the database, and does encryption and decryption client side. Keeping one's passwords safe has become quite the chore.
post #125 of 144
Thread Starter 
Quote:
Originally Posted by DuckieHo View Post

LastPass has made some changes to mitigate this attack vector: http://www.maximumpc.com/lastpass-increases-security-to-thwart-phishing-attacks/

What eats me, if I read wrong correct me, this Sean guy notified LastPass about this a while back and LastPass did nothing about the phishing attacks till this guy went public & released the code.

I purged my account and deleted my account. And I am a premium member too. LastPass acted too late imo.
post #126 of 144
Quote:
Originally Posted by mothergoose729 View Post

As soon as I get my server set up I am going to create my own python program that writes passwords to the database, and does encryption and decryption client side. Keeping one's passwords safe has become quite the chore.

There are open source "zero-knowledge" frameworks out there already, I wouldn't bother spending the time building from scratch.

https://crypton.io/
post #127 of 144
Quote:
Originally Posted by SectorNine50 View Post

There are open source "zero-knowledge" frameworks out there already, I wouldn't bother spending the time building from scratch.

https://crypton.io/

That is really cool, but I am thinking about doing something much simpler. I don't know enough about web servers to feel comfortable locking everything down, so I am going to create a single user client code that runs on my local machine and connects remotely to my database. That way the only way to compromise it would be to gain physical access to my computer.
post #128 of 144
Quote:
Originally Posted by HITTI View Post

What eats me, if I read wrong correct me, this Sean guy notified LastPass about this a while back and LastPass did nothing about the phishing attacks till this guy went public & released the code.

I purged my account and deleted my account. And I am a premium member too. LastPass acted too late imo.

I get the risk here.

a) if the hacker is actively connected to your session
b) if you are using a tumbler code
c) they could in theory grab your password and your code.

If they are targeting you that closely they probably already have all of your regular email addresses.

To mitigate this:

Have Lastpass remember your email address so that you don't enter it every time.
Use a free integrated auth service like DUO. That way you are not entering a code to gain access.

Of course, if they also stole your smartphone you would be screwed.

One other thing you could do.

Associate last pass with a unique email that you only use for Lastpass.
Edited by pgdeaner - 1/20/16 at 10:23am
post #129 of 144
Quote:
Originally Posted by the9quad View Post

I love lastpass, I am married. If I die and my wife needs a password, she knows the lastpass password and everything else is taken care of. The other options would be for us both to memorize every password or to write them down and put them in a vault. Lastpass is easier.

Exact same situation for me. Something happens to me, my wife has the ability to access all of my accounts without fear of remembering the myriad of passwords and password schemes.
post #130 of 144
Quote:
Originally Posted by jbmayes2000 View Post

If you are a last pass user and you find out they managed to actually hack Last Pass itself and used your info in a way that ended up causing financial problems or identity theft, does Last Pass have some sort of policy about what they do in that scenario? Like are you "insured" in a way? Or how would they keep themselves from being sued?

FWIW, LastPass was hacked in 2015. The attackers gained access to email addresses and encrypted master passwords. Only the email addresses are of any real use.
    
This thread is locked  