![]() ![]() If you think criminals aren't mining LastPass and others for bugs right now, you're naive. If you're using it in a corporate environment to share passwords, now only one user of many needs to be attacked to steal all of your passwords via a previously undisclosed bug. ![]() Your password manager extension de jour might not be as bug ridden as LastPass, but it suffers from the same risk vector if it's a browser extension. ![]() Desktop-based password managers have no such access, as they require compromising the local machine first, which is much harder than visiting a webpage. That's how LostPass worked, and it's how many of the new attacks work, too. When you use a browser extension password manager, you give attackers an API to interact with your password manager via JavaScript or the DOM. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |