Slashdot Mirror


LastPass Accounts Can Be 'Completely Compromised' When Users Visit Sites (theregister.co.uk)

Reader mask.of.sanity writes: A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which can completely compromise user accounts when users visit malicious websites. The flaw is today being reported to LastPass by established Google Project Zero hacker Tavis Ormandy, who says he has found other "obvious critical problems". Interestingly, Mathias Karlsson, a security researcher, has also independently found flaws in LastPass. In a blog post, he wrote that he was able to trick LastPass into believing he was on the real Twitter website and cough up the users' credentials because of a bug in the LastPass password manager's autofill functionality. LastPass has fixed the bug, but Karlsson advises users to disable autofill functionality and use multi-factor authentication. At this point, it's not clear whether Ormandy is also talking about the same vulnerability.


  1. Re:FUCK MILLENNIAL SNOWFLAKES by LichtSpektren · Score: 4, Funny

    All millennials suck. I hate millennial snowflakes. Just remember your damn passwords and you'll have no trouble. Fuck millennials and their lazy security. Die in a fire.

    Yea guys we millennials should remember our 200 passwords the same way the tech savvy Gen X people do...make them all the same! Or better yet, do what I already see everyone else doing and write them all in a notebook and keep in your top desk drawer. Sooo much better than us millennials and our lazy security...

    True story: somebody told me once that he made all of his passwords his social security number, because he was tired of remembering so many. If the site required letters in addition to numbers, he would suffix it with his initials.

    Even more horrifying than that, his email address was his full name and birth year @ hotmail.com...