Posted by William Charles on September 17, 2019
Recaps

Published on September 17th, 2019 | by William Charles

10

Recap: Rainbow Airplane Trails, LastPass Credential Leak & More

 

Deals starting/expiring at the end of today or starting today (view the full deal calendar here):

Deals starting/expiring at end of tomorrow:

Here are some of the most popular posts from past few days:



10
Leave a Reply

avatar
 

  Subscribe  
newest oldest most voted
Notify of
TW
TW

To be clear, LastPass was not compromised. There was a bug in their browser extension which would cache the last used password, and if you went to a malicious website and clicked the LastPass icon then they could read your last password you used, using LastPass.

They already fixed it and rolled it out to everyone prior to Google making it publicly known there was a potential issue.

FTA:
“To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times,” Kun said, “any potential exposure due to the bug was limited to specific browsers (Chrome and Opera.)”

Vy
Vy

You’re assuming that everyone being interviewed about a potential breach is telling the whole truth all the time, always. “There’s nothing to worry about” and “the problem has since been resolved” are definitely the most diplomatic responses to avert widespread panic.

Could you imagine if a password manager HAD been breached? Oh, the scandalous irony and the earth-shattering outrage that would ensue. I imagine it’s only a matter of time, but we the endusers won’t really have much say until it’s too late.

Anonymous166
Anonymous166

In any event, this is yet another reason why I always recommend KeePassXC or another client-side password manager over centralized, online password management services. Too much risk if you trust others with your login info.

Aditya Shrivastava
Aditya Shrivastava

KeePassXC versus KeePassX? I use the latter.

Ferris
Ferris

The bug is funny because they’re named LastPass…and the last pass you used wasn’t secure. Oh, the irony.

AN
AN

Like others have mentioned in much more detail, this isn’t a breach. It was a flaw that was detected by a team in Google that explores security flaws and was highlighted to LastPass.

There is no evidence that this was used by a website or entities to malicious effect. Many publications are carrying sensationalized headlines for click-bait but the facts need to be highlighted.

AN
AN

Of course Delta values their miles at 4.16cpp when filing a lawsuit.

Mike

+1. Noticed that ridiculous mile value also.

YoniPDX
YoniPDX

Man what a shame, and just when he was so close to finally collecting enough Skypesos for a First Class ticket 😉

Nick
Nick

Am I the only one who thought the “card strategy” Citigroup stands by is “removal of all benefits” rather than “trying to find people who would get the 21 month 0 APR BT cards, as well as paying them back and continue to carry balance on the cards when the APR changes to 27%”?

Not sure which one is more risky though 😉

Back to Top ↑