Makes me think twice about using iCloud
When you’re in charge of keeping many hundreds of thousands of passwords under lock and key, trust is everything. Maintaining that trust means fessing up when things go wrong — even if it’s something you don’t think affected your users.
Such is the case today for LastPass, a popular password manager for Safari, Chrome, Firefox and Opera. They’ve just published details of two security exploits discovered lurking in their products, though they say they don’t believe the exploits were ever used maliciously.
You can read their full post here, but here’s the gist of it:
- The first bug is tucked into their less-used bookmarklet offering, not the more popular LastPass plugin. LastPass says “less than 1%” of its userbase uses these bookmarklets.
- With this first exploit, if a user clicked on their bookmarklet while on a site specifically built with this hack in mind, LastPass could be coaxed…
View original post 335 more words