1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ShmooCon: LastPass design elements create perfect Phishing opportunity

Discussion in 'CSO' started by RSS, Jan 17, 2016.

  1. RSS

    RSS New Member Member

    Washington, D.C. - At ShmooCon on Saturday, Sean Cassidy, the CTO of Praesidio, demonstrated a clever attack against LastPass, which is possible thanks to a security trade off and easily spoofed UX elements.

    On Saturday, Sean Cassidy’s presentation at ShmooCon outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions.

    The attack, which doesn’t require any special skill or circumstance to accomplish, enables an attacker to steal a LastPass customer’s entire existence, as everything stored by the LastPass service is exposed.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page