07-14-2014 01:01 PM
Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.
A group of researchers next month will present their finding a grab-bag of vulnerabilities in Web-based password managers, which they believe to be a wakeup call for the major password manager companies. The technical details are slated to be fully aired out at the Usenix conference in San Diego in late August, but conclusions from the research were released via a peer-reviewed paper made public last week.
07-14-2014 01:25 PM
Lots of info there, I will have to go thru it again including the peer-reviewed paper.
Aside from booklets with LastPass, it appears to be secure, therefore WSA manager is as well.
Thanks for the info!
Helpful Webroot Links:
07-14-2014 03:42 PM
There are a lot of articles being published about this at present but as the flaws have been fixed things should on the whole be OK but if users are worried they should change the master password and any passwords on non trustworthy sites.
by Dan Goodin - July 14 2014
"The researchers examined LastPass and four other Web-based managers and found critical defects in all of them. The worst of the bugs allowed an attacker to remotely siphon plaintext passcodes out of users' wallets with no outward sign that anything was amiss. LastPass and three of the four other developers have since fixed the flaws, but the findings should serve as a wakeup call. If academic researchers from the University of California at Berkeley can devise these sorts of crippling attacks, so too can crooks who regularly case people's online bank accounts and other digital assets."