To Customer Support To Customer Support

From ZDNet: LastPass hit by password stealing and code execution vulnerabilities

  • 23 March 2017
  • 9 replies
  • 1129 views
rbarrow
Rank
Userlevel 6
Badge +17
Found out about this from Virginia Tech tech support Google Group:
 
http://www.zdnet.com/article/lastpass-hit-by-password-stealing-and-code-execution-vulnerabilities/

9 replies

RetiredTripleHelix
Rank
Userlevel 7
Badge +56
I'm sure WSA's Identity Shield would protect any malware stealing code execution from any vulnerabilities.
 
http://live.webrootanywhere.com/content/608/Managing-Identity-Protection
rbarrow
Rank
Userlevel 6
Badge +17
Good to know.
B
Rank
 
Do I need to add LastPass files (which files) with Application Protection for WSA's Identity Shield to protect any malware stealing code execution from any vulnerability. 
 
Or, maybe LastPass is protected by virtue of LastPass browser integration (extension) since browser is listed with Application Protection.
 
What's best practice regarding LastPass.
 
Thanks
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
@ wrote:
 
Do I need to add LastPass files (which files) with Application Protection for WSA's Identity Shield to protect any malware stealing code execution from any vulnerability. 
 
Or, maybe LastPass is protected by virtue of LastPass browser integration (extension) since browser is listed with Application Protection.
 
What's best practice regarding LastPass.
 
Thanks
Are you using the built in Lastass in WSA or Lastpass from Lastpass? If the latter it can't hurt to add it to ID Shield but if your using the built in version in WSA it's already protected.
B
Rank
@ wrote:
@ wrote:
 
Do I need to add LastPass files (which files) with Application Protection for WSA's Identity Shield to protect any malware stealing code execution from any vulnerability. 
 
Or, maybe LastPass is protected by virtue of LastPass browser integration (extension) since browser is listed with Application Protection.
 
What's best practice regarding LastPass.
 
Thanks
Are you using the built in Lastass in WSA or Lastpass from Lastpass? If the latter it can't hurt to add it to ID Shield but if your using the built in version in WSA it's already protected.
Using LastPass from LastPass.
https://blog.lastpass.com/2017/03/important-security-updates-for-our-users.html/
 
Thanks
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
@ wrote:
@ wrote:
@ wrote:
 
Do I need to add LastPass files (which files) with Application Protection for WSA's Identity Shield to protect any malware stealing code execution from any vulnerability. 
 
Or, maybe LastPass is protected by virtue of LastPass browser integration (extension) since browser is listed with Application Protection.
 
What's best practice regarding LastPass.
 
Thanks
Are you using the built in Lastass in WSA or Lastpass from Lastpass? If the latter it can't hurt to add it to ID Shield but if your using the built in version in WSA it's already protected.
Using LastPass from LastPass.
https://blog.lastpass.com/2017/03/important-security-updates-for-our-users.html/
 
Thanks
Well to have a piece of mind add Lastpass .exe's to the ID Shield under protect and it wouldn't hurt to do so. I also add PDF readers, Outlook, Word and even Snagit under Protect under ID Shield. http://live.webrootanywhere.com/content/610/Managing-Protected-Applications
 
J
Userlevel 7
We have been in contact with LastPass to understand if this affects our users, and they have communicated that it does not.
 
From LastPass:
The vulnerability is related to a very recent version of the LastPass browser plugin.
Webroot products are unaffected because that version had limited release and Webroot had not incorporated that release in our version of LastPass.
 
Here is a blog post update that they directed us to:
https://blog.lastpass.com/2017/03/important-security-updates-for-our-users.html/
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
Thanks @
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
Thank you for the update JP.

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.