



Thread: How to avoid the latest LastPass Phishing Attack

  1. #1
    Pact

    How to avoid the latest LastPass Phishing Attack

    Sean Cassidy discovered recently that the popular password manager LastPass is vulnerable to a phishing attack that takes advantage of the way messages are displayed to users of the service.
    The method that he describes on his blog works in Google Chrome, and to a degree in Firefox as well.
    The main difference between the two browsers is that fake messages displayed to Chrome users on attack sites look identical to the message the LastPass extension would display to them, while that's not the case if Firefox is being used.
    So how does the phishing attack work?
    LastPass displays messages to users in the browser's viewport, to which websites that are open in the browser have access as well.


    A malicious site would draw the LastPass notification after checking that the password manager is being used. According to Cassidy, they could even log out the user before they display the message to make it look more real.
    The message would ask users to enter their username and password and, if configured, their two-factor authentication code.
    Obviously, the information can then be used by the attacker to gain access to a user's vault, allowing them to access all account information, notes and other sensitive data saved in it.
    Have you been hacked?


    You can verify account access on the Account History page. There you will find all recent logins listed.
    Do the following to get there:

    1. Click on the LastPass Icon.
    2. Select My LastPass Vault.
    3. In the left menu that opens, select Tools > View History.

    Each event is listed with a date, IP address, DNS and method used for the access.
    How to prevent getting hacked
    LastPass is working on a fix, according to Sean Cassidy, who disclosed the issue to the company last year.
    The attack can be detected easily, however.

    1. If you are using Firefox and get the log-in window, try to switch to another tab. If that works, it is a fake login prompt.
    2. If you are using Google Chrome, make sure the page where you are entering the credentials starts with chrome-extension://

    Generally speaking, you may want to sign in on the LastPass website directly, and not via the extension. Once you are signed in on the site, the login gets picked up by the extension so that you can use its functionality as well.
    Now You: How do you sign in to LastPass or other online password managers?

    Source: http://www.ghacks.net/2016/01/16/how...ishing-attack/

    PS: my solution is to never use LastPass, use KeePass instead.
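
The Chrome check from the first post, as an added example that is not part of the thread or the quoted article: it parses the address instead of matching text, and goes one step further than the post by also pinning the extension ID. `EXPECTED_ID`, `classifyLoginPage` and the sample URLs are constructed placeholders.

```javascript
// Added example: decide whether a login prompt is served by the expected
// browser extension or drawn by ordinary web content.
// EXPECTED_ID is a constructed placeholder, not a real extension ID.
const EXPECTED_ID = "abcdefghijklmnopabcdefghijklmnop";

// Chrome extension IDs are 32 characters from the range a-p.
const ID_FORMAT = /^[a-p]{32}$/;

function classifyLoginPage(rawUrl, expectedId = EXPECTED_ID) {
  if (!ID_FORMAT.test(expectedId)) {
    throw new Error("expectedId is not a well-formed extension ID");
  }
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { trusted: false, reason: "unparseable URL" };
  }
  // Compare the parsed scheme, never a substring of the raw string.
  if (url.protocol !== "chrome-extension:") {
    return { trusted: false, reason: `not an extension page (scheme ${url.protocol})` };
  }
  if (url.username || url.password || url.port) {
    return { trusted: false, reason: "unexpected userinfo or port" };
  }
  // Any extension can serve chrome-extension:// pages, so pin the ID too.
  if (url.hostname !== expectedId) {
    return { trusted: false, reason: "a different extension" };
  }
  return { trusted: true, reason: "page of the expected extension" };
}

// Constructed sample URLs, including lookalikes that a quick glance or a
// substring match would accept.
const SAMPLES = [
  "chrome-extension://abcdefghijklmnopabcdefghijklmnop/login.html",
  "https://chrome-extension.example/login.html",
  "https://example.test/chrome-extension://abcdefghijklmnopabcdefghijklmnop/login.html",
  "chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/login.html",
  "data:text/html,chrome-extension://abcdefghijklmnopabcdefghijklmnop/",
];

for (const s of SAMPLES) {
  const r = classifyLoginPage(s);
  console.log(`${r.trusted ? "TRUST " : "REJECT"} ${s} -> ${r.reason}`);
}
```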

  2. #2
    Hristo
    I just took one more year in premium LastPass ... I wish I could have read your message before!! But thank you very much for this advice.

  3. #3
    Pact
    Quote, originally posted by Risto:
        I just took one more year in premium LastPass ... I wish I could have read your message before!! But thank you very much for this advice.
    Me too, but I don't use it for sensitive stuff and I suggest you do the same or just be more careful.

  4. #4
    Hristo
    Think I'd better not use PayPal anymore with it...

  5. #5
    Pact
    Quote, originally posted by Risto:
        Think I'd better not use PayPal anymore with it...
    That would be better for your own safety.

  6. #6
    fraustobill
    Awesome bro.. Keep it up.. By the way, if we practice on our PC then we can understand more about this attack..

  7. #7
    Pact
    Quote, originally posted by fraustobill:
        Awesome bro.. Keep it up.. By the way, if we practice on our PC then we can understand more about this attack..
    That's for sure.

