1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone could pull off a LostPass phishing attack to get all your LastPass passwords

Discussion in 'Network World' started by RSS, Jan 17, 2016.

  1. RSS

    RSS New Member Member

    Heads-up if you use LastPass as a security research released LostPass code on GitHub that bad guys could jump on immediately and an attack could be in the wild even now. In essence, if you use LastPass then you could be tricked into handing over the keys – or master password – to your digital kingdom.

    The LostPass attack works best in Chrome, but if you think you could spot the phishing then think again; Sean Cassidy, CTO of cloud-based cybersecurity firm Praesidio, warned that a user would not be able to tell a difference between a LastPass message displayed in the browser and the fake LostPass message since “it’s pixel-for-pixel the same notification and login screen.”

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page