ExtraTorrent.cc - The Largest Bittorent SystemLogin   |   Register
Latest Articles
Most searched
Hot torrents
First Cams
View Torrent Info: Moana 2016 HD-TS XviD AC3-CPG
View Torrent Info: Shut.In.2016.HDCAM.x264 - Lesnar
View Torrent Info: Fantastic Beast and Where To Find Them 2016 HD-TS x264-CPG
View Torrent Info: Arrival 2016 HDCAM x264 AC3-TuttyFruity
Hot torrents
View Torrent Info: Sully.2016.BRRip.XviD.AC3-ETRG
View Torrent Info: Storks.2016.BRRip.XviD.AC3-EVO
View Torrent Info: The.Accountant.2016.HC.HDRip.X264.AC3-EVO
View Torrent Info: White.Girl.2016.HDRip.XviD.AC3-EVO
Hot torrents
H264 X264
View Torrent Info: The.Accountant.2016.KOR.HDRip.1080p.H264.AAC-STY[EtHD]
View Torrent Info: Sully.2016.720p.BluRay.x264-SPARKS[EtHD]
View Torrent Info: Independence.Day.Resurgence.2016.BluRay.720p.DTS.AC3.x264-ETRG
View Torrent Info: Zootopia.2016.BluRay.1080p.AVC.DTS-HD.MA 7.1 x264-ETRG
Hot torrents
View Torrent Info: Bellator 166 Dantas vs Warren 2 HDTV x264-Ebi [TJET]
View Torrent Info: Ghost.Adventures.S13E10.Dumas.Brothel.HDTV.x264-SPASM
View Torrent Info: Van.Helsing.S01E12.WEB-DL.x264-FUM[ettv]
View Torrent Info: Z.Nation.S03E12.WEB-DL.x264-FUM[ettv]
View Torrent Info: Kahaani 2 (2016) Hindi 1CD Desi Cam x264 AAC - Downloadhub
View Torrent Info: Air Bud (1997) 720p HDTVRip x264 Eng Subs [Dual Audio] [Hindi 2.0 - English 5.1] -=!Dr.STAR!=-
View Torrent Info: Morgan 2016 720p BDRip Hindi DD 5.1 x264-SnowDoN
View Torrent Info: Ardaas (2016) DVDRIP 1CDRIP x264 AAC ESub [DDR]
To add new messages please Login or Register for FREE
Warning! Protect Yourself from Lawsuits and Fines!
Your IP Address is   Location is United States
Your IP Address is visible to EVERYONE. Hide your IP ADDRESS with a VPN while torrenting!
ExtraTorrent strongly recommends using Trust.Zone VPN to anonymize your torrenting. It's FREE!

ExtraTorrent.cc > Articles > LastPass Password Manager Details Vulnerable to Hack

LastPass Password Manager Details Vulnerable to Hack

LastPass Password Manager Details Vulnerable to Hack

Added: Saturday, January 30th, 2016
Category: About Torrents > Staying Safe And Secure
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, www.extratorrent.cc, 2016
LastPass is one of the popular password managers, which stores user’s passwords in the cloud in an encrypted vault. This user’s database is protected by a single username/password pare and various forms of two-factor authentication. However, some security researcher has recently issued a tool able to steal the login details and two-factor authentication key for the manager, thus leaving users potentially exposed. The instrument in question enables hackers to mimic the look and feel of the LastPass browser plugin and website, imitating the way the password manager requests a user’s password and two-factor authentication key.


The security researcher presented the attack at the hacker convention ShmooCon in Washington, calling it LostPass. The attack works because ordinary users can’t tell the difference between a fake and a real message. The fake message shows up if a user visits a malicious website. Once the malware detects that the browser is using LastPass, it mimics a LastPass notification, remotely logs-out the user and requests their password and two-factor authentication key. As a result, the hacker would be able to gain access to every password stored in the system, change settings, block a user’s access or hide it leaving the user none-the-wiser.

LastPass was notified about the vulnerability back in November and responded by implementing a system to alert users when they type their master password on a fake site. The problem is that hackers can easily block that notification as well.

While the attack is not a flaw within LastPass itself, it still highlights a major problem that even the most careful users can encounter. As for the service, it said that the email verification process significantly reduces the threat of such phishing attack because in this case the hackers would need to gain access to the user’s email account as well. In this case, if a user sees a verification request they never initiated, they can safely ignore it.

LastPass also added that it has implemented a fix preventing the malware from logging a user out of their account. Although none of these changes can prevent the hackers from stealing login details, they could still prevent from using those details to access the user’s password manager.

Posted by: 

Date:  Saturday, January 30th, 2016

Comments (9) (please add your comment »)

posted by (2016-01-30 21:36:36)
zur avatarThank for this information

posted by (2016-01-31 01:21:56)
No avataryeah thanks for that, I guess you should only log onto lastpass with a blank screen

posted by Bitcoin MasterET loverSunTurtle (2016-01-31 15:04:57)
chocolatemilk avatarThank You SaM.

posted by (2016-01-31 17:45:42)
YngBlondboy avatarThanks i guess... But why would anyone need/want to store passwords on a cloud program/app? I keep all mine on a .txt file... I guess laziness would be the largest factor to bother using such a service?

posted by Site FriendET loverSuperman (2016-02-01 17:54:32)
Embolism avatar@4 I hope you have that .txt file encrypted and locked away in a safe next to your computer as that is the only way it will not be copied by some enterprising haxor as recently I had a call out on a business system I put together for someone and whilst cleaning up their mess I was watching a downloaded film on another guys computer in the same area with full access to all his files should I so choose a simple .txt file would not have been a problem for me to copy and if he was silly enough to put the keys to his kingdom in it he may now be trying to cancel all his credit cards.Luckily watching his p2p files was all I had an interest in. (:^D)

posted by Site FriendET loverSuperman (2016-02-01 18:07:48)
Embolism avatarAn interesting exploit SaM obviously thought out by a clever mind to clone a program,reboot it and redirect the users data cutting off the Apps server in the process is a lot of work, but not without rewards one would guess since if important enough to lock away securely effort over gains applies,hopefully no ones Swiss accounts are being ransacked right now. (:^D)

posted by (2016-02-02 02:44:04)
YngBlondboy avatarIt's kept on a 4gb usb data stick which if i don't recall what a password is for a site i'll pull it out.. Also this my personal computer i'm speaking of.. i'm the only one that uses it unless one of my cats have been using it while I sleep

posted by Site FriendET loverSuperman (2016-02-02 15:38:49)
Embolism avatar@7 no matter how safe you think it is there will always be some enterprising haxor somewhere who will come up with a workaround to any given scenario whether on a usb drive or your HDD which is why there is cloud storage or programs like maskme/Blur.http://www.pcworld.com/article/185872/usb_drives_hacked.html the only really safe way to keep your finances safe is 1-2-1 over the counter at a bank. (:^D)

posted by Site FriendET loverSuperman (2016-02-02 16:01:07)
Embolism avatarthe kingston hack is unlikely granted as it requires a physical access but keyloggers ,trojans and other nasties can see whatever you do going back as far as 2000 and Microsofts reverse browsing so if you have to do it online then do not entrust to any drive usb or HDD as a drive .IMG on a 4gb drive would take very little time on a modern pc and a keylogger would take every keystroke and have your email and password,credit card details etc and send them directly to someone who would then go online and fleece your accounts for goods or anything else that cannot be traced back to anyone except you.

Articles Search
Most Popular Stories
Articles Categories
Articles Tags

Home - Browse Torrents - Upload Torrent - Stat - Forum - FAQ - Login
ExtraTorrent.cc is in compliance with copyrights
BitCoin: 12DiyqsWhENahDzdhdYsRrCw8FPQVcCkcm
Can't load ExtraTorrent? Try our official mirrors: etmirror.com - etproxy.com - extratorrentonline.com - extratorrentlive.com
2006-2016 ExtraTorrent.cc3