light bulb

Did You Know?



Reply
Posts: 5,601
Topics: 3,643
Kudos: 7,116
Registered: ‎06-12-2013

Hacking Password Managers

 By Ericka Chickowski  7/14/2014

 

Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.

 

A group of researchers next month will present their finding a grab-bag of vulnerabilities in Web-based password managers, which they believe to be a wakeup call for the major password manager companies. The technical details are slated to be fully aired out at the Usenix conference in San Diego in late August, but conclusions from the research were released via a peer-reviewed paper made public last week.

 

Full Article

Sr. Community Leader

Posts: 902
Registered: ‎06-20-2014

Re: Hacking Password Managers

Lots of info there, I will have to go thru it again including the peer-reviewed paper.

Aside from booklets with LastPass, it appears to be secure, therefore WSA manager is as well.

 

Thanks for the info!

sig



Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!:smileyvery-happy:


Helpful Webroot Links:


                         Submit Trouble Ticket • User Guides • BrightCloud URL lookup • Account Console 

Download (PC) • Download (Best Buy/Geek Squad Subscription) • Download (Walmart and Target) • Download (MSN Subscription) 


                                         Register and Introduce yourself to The Community!

Posts: 5,601
Topics: 3,643
Kudos: 7,116
Registered: ‎06-12-2013

“Severe” password manager attacks steal digital keys and data en masse

There are a lot of articles being published about this at present but as the flaws have been fixed things should on the whole be OK but if users are worried they should change the master password and any passwords on non trustworthy sites.

 

Adoption of poorly secured password managers opens a single point of failure.

by Dan Goodin - July 14 2014

 

Password Managers

 

"The researchers examined LastPass and four other Web-based managers and found critical defects in all of them. The worst of the bugs allowed an attacker to remotely siphon plaintext passcodes out of users' wallets with no outward sign that anything was amiss. LastPass and three of the four other developers have since fixed the flaws, but the findings should serve as a wakeup call. If academic researchers from the University of California at Berkeley can devise these sorts of crippling attacks, so too can crooks who regularly case people's online bank accounts and other digital assets."

 

Full Article

Sr. Community Leader