2024 Author: Malcolm Clapton. Last modified: 2023-12-17 03:44
Yesterday, a working method was discovered for stealing data from the popular LastPass password manager. We recommend that you read this article so that you do not take the bait.
We use many online services and web applications, each of which requires its own login and password for security purposes. It is impossible to keep them all in your head, which is why password managers are widespread. They provide reliable storage and convenient use of logins and passwords not only for online services, but also for payment systems, bank accounts, and so on. A leak from such a password manager, or a break-in to it, can therefore become a big problem for many users.
One of the most popular apps of this kind is LastPass. This is a really great solution that has stood the test of time and numerous hacker attacks. However, yesterday, computer security specialist Sean Cassidy discovered the possibility of a phishing attack on LastPass. He cleverly named it LostPass (lost passwords).
In short, the vulnerability found looks like this. First, the attacker lures you to his site, which displays a fake (!) notification that your session has expired and you need to log in again. You've probably seen similar notifications from LastPass.
Since the notification is fake, clicking the Try Again button takes you to a specially crafted page that looks exactly like the standard LastPass login and password form. It will even have an address almost the same as the one that browser service pages opened by installed extensions usually have, except for a small detail that I have highlighted in the screenshot. I am sure that most users will not pay any attention to such a trifle.
Next, you enter your username and password on this page to log into LastPass, and they immediately fall into the hands of the attackers. As a result, they have full access to all your sites and credentials. The attack works even if you have two-factor authentication enabled; the attacker's sequence of actions is simply one step longer. You can read more about how LostPass works (in English).
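The address difference described above can be checked mechanically. The following is an added example, not code from the original article, from Sean Cassidy or from LastPass: it assumes Chrome's chrome-extension:// and Firefox's moz-extension:// page schemes, and the extension ID, hostnames and the classifyLoginUrl function are constructed for illustration.

```javascript
// Added example: tell a genuine extension page from a web page that imitates one.
// SAMPLE_ID and every URL below are constructed values, not real identifiers.
const EXT_SCHEMES = new Set(["chrome-extension:", "moz-extension:"]);
const SCHEME_WORDS = ["chrome-extension", "moz-extension"];
const SAMPLE_ID = "abcdefghijklmnopabcdefghijklmnop"; // placeholder extension ID

function classifyLoginUrl(raw, expectedExtensionId) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "invalid", reason: "not a parseable URL" };
  }
  if (EXT_SCHEMES.has(url.protocol)) {
    // Extension pages are served from the extension's own origin (its ID).
    if (url.hostname === expectedExtensionId) {
      return { verdict: "extension", reason: "scheme and extension ID match" };
    }
    return { verdict: "suspicious", reason: "extension scheme, unexpected ID" };
  }
  if (url.protocol === "http:" || url.protocol === "https:") {
    // An ordinary web origin can never be the extension's login form.
    const text = (url.hostname + url.pathname).toLowerCase();
    const hit = SCHEME_WORDS.find((w) => text.includes(w));
    if (hit) {
      return { verdict: "lookalike", reason: `web page imitating "${hit}"` };
    }
    return { verdict: "web", reason: "ordinary web page, not extension UI" };
  }
  return { verdict: "suspicious", reason: `unexpected scheme ${url.protocol}` };
}

// Constructed sample addresses a login prompt might be shown on.
const samples = [
  `chrome-extension://${SAMPLE_ID}/login.html`,
  `https://chrome-extension.example/${SAMPLE_ID}/login.html`,
  "https://example.com/login",
];
for (const s of samples) {
  const r = classifyLoginUrl(s, SAMPLE_ID);
  console.log(`${r.verdict.padEnd(10)} ${s} (${r.reason})`);
}
```

The decision rests on the parsed scheme and origin rather than on how the address looks, which is the detail the eye tends to skip.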
Of course, the question arises as to how you can protect yourself from this danger. Until the developers of LastPass take steps to prevent such phishing attacks, users may temporarily disable the browser extension of this service. Yes, this is inconvenient and will force you to manually copy the required passwords from the LastPass web page. A more radical option is to find an equivalent alternative for storing passwords and confidential data.
Are you still using LastPass or have you switched to another password manager?