In 2011, LastPass publicly disclosed a “traffic anomaly” on their server that they couldn’t account for. Regarding the OTP attack, it is a “targeted attack”, requiring an attacker to know the user’s username to potentially exploit it, and serve that custom attack per user, activity which we have not seen. If you are concerned that you’ve used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don’t think it is necessary. If you’re interested in getting into the technical details of either exploit, this appears to be the research paper in question. As for what LastPass recommends their users do: So why’d they wait a year? As LastPass fixed the bugs quickly and had no evidence the bugs were ever exploited maliciously, it says they opted to let the research team publish their research on their own schedule.