Comments
I did your homework for you. Even admins already told the reason without saying. Funny
https://lowendtalk.com/discussion/comment/3468582/#Comment_3468582
https://lowendtalk.com/discussion/comment/3468617/#Comment_3468617
https://lowendtalk.com/discussion/comment/3468565/#Comment_3468565
Enjoy.
I know you're only interested in talking about the actual product. Then keep it at the code and the product/idea.
Let's keep the personal attacks out of this, there's no reason to insult people like this.
Chill out.
You are an outright liar. Show me Where I said that the pressure got to me or was even remotely the reason??
That's a horrible idea. You're aware wallets are lost and stolen ALL THE TIME? Phone numbers are not secret at all, in fact, there's a whole book full of them.
SMH
It was meant to be a joke, of course 🙄
That's not true.
Businesses maybe (i.e., Yellow Pages), and even then, not ALL are listed.
Personal numbers are still considered personal data, hence private.
Is there even a country where there's a "whole book full of" personal numbers?
Never trust these shitty online services; better to use open source projects like KeePass and LessPass.
@zcorps open source does suffer from supply chain attacks. You should be careful too with what you trust. The fact that it is open source and has stars on GitHub doesn't make it secure. Your only guarantee is to go through the code line by line... character by character and make sure it doesn't have anything malicious.
Provided as is, no guarantee, remember.
The official site says: How to Transfer Your LastPass Passwords to Bitwarden
Import Data from LastPass
https://bitwarden.com/help/import-from-lastpass/
Oh, self whoosh
You had to pay to not have your phone number and/or address printed in the phone book. The exception being people like Doctors. I'm sure that fee is built into the price they pay each month.
Dude is an a-hole, banning and throwing his weight around. Real d!ck. @ArkAss
No, you need to quote the original Impossible Is Nothing. This was an actual resume video a guy submitted for an investment banking job. Details.
Yep. Self-hosted version of Vaultwarden on a LAN with Wireguard access is the way to go.
Sorry for necro-posting, but I was catching up on email and found LastPass' blog post with a final report containing the details of the incident.
TL;DR:
Someone got into LastPass' development environment, hung around for four days and stole source code, but did not modify the code. The attack was limited to their development environment, which is isolated from other LastPass systems. Details here:
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
My favourite password managers are Bitwarden and Enpass
Sorry for necro, but once again with use of development environment.
https://www.theguardian.com/technology/2022/dec/01/password-app-lastpass-hit-by-cybersecurity-breach-but-says-data-remains-safe
Again?
Their dev credentials are; user:root, password:admin123
I got this email 18 h ago:
At least it is zero knowledge arch... hopefully that's true for the safety of the users.
At this point, if I were using LastPass, I would've moved away.
Does this mean they used the same cloud storage service for production and development? Under the same API key/access key/user?
This is actually shocking.
I finalized my full move from LastPass to my personal instance sometime last month, and this happened. I prefer to change passwords when I change password instances for this exact same reason.
To even think that we were talking about this so recently.
https://lowendtalk.com/discussion/comment/3557528#Comment_3557528
VM (with no internet connection or old laptop)
https://keepass.info/
Best secure way to protect your passwords. Offline is the best and currently "safe" harbor.
Move from LastPass; one day it will be too late. Even if it is not fully compromised.
Here is LastPass' blog entry, describing the updated situation:
https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
The unanswered question is:
-> Did the attackers capture enough LastPass data that they could unlock a vault if they knew the Master Password for that vault? Can they use the stolen data to test Master Passwords offline, out of sight from LastPass?
I get tired of statements like "Don't worry, your data was encrypted with our military-grade, government-approved encryption algorithms." In this case, LastPass said, "Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture."
In such cases, the encryption may be strong, but if the keys are derived from human-entered passwords, then the overall security may not be nearly as strong as implied by a typical "damage control press release."
I looked at LastPass' "Zero Knowledge architecture" diagram referenced in their blog post. The diagram makes it clear to me that keys are derived directly from the user-entered Master Password unless two-factor authentication is used. Yes, there is a lot of hashing to slow down brute force attacks.
Based on my brief glance at their website, LastPass encourages its customers to choose a strong and "secure" Master Password. ... And then LastPass' lawyers let them release statements like, "Our customers' passwords remain safely encrypted..." The security basis for that statement may be the erroneous assumption that LastPass customers actually use strong, secure Master Passwords. Based on my past experience with real people choosing real passwords, I would not make that assumption.
Have others made similar comments? What could I be missing here?
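An added illustration of the question raised in the post above, not part of the original post and not LastPass's code: when the vault key depends only on the master password and a stored salt, the derivation can be repeated without the server, so the cost of an offline search is set by password strength and the stretching factor. The KDF (PBKDF2-HMAC-SHA256), the iteration count, the raw HMAC rate and the password classes below are all assumptions chosen for the example, not figures from LastPass.

```python
import hashlib
import math

def derive_vault_key(master_password, salt, iterations):
    """Derive a 256-bit key from the master password and salt only.
    Nothing here needs the service: same inputs, same key, on any machine."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)

def guesses_per_second(raw_hmac_rate, iterations):
    """Each password guess costs `iterations` HMAC evaluations,
    so stretching divides the achievable guess rate by that factor."""
    return raw_hmac_rate / iterations

def expected_search_days(alphabet, length, rate):
    """Average time to hit a uniformly random password: half the keyspace."""
    return (alphabet ** length) / 2 / rate / 86400

# Constructed password classes: (label, alphabet size, length).
# These are upper bounds; passwords people pick themselves are usually
# far less random than a uniform draw from the alphabet.
CLASSES = [
    ("8 random lowercase letters", 26, 8),
    ("4 random Diceware words", 7776, 4),
    ("16 random printable ASCII", 95, 16),
]

def report(raw_hmac_rate, iterations):
    """Return (label, entropy bits, expected search days) per class."""
    rate = guesses_per_second(raw_hmac_rate, iterations)
    return [(label, length * math.log2(alphabet),
             expected_search_days(alphabet, length, rate))
            for label, alphabet, length in CLASSES]

if __name__ == "__main__":
    # Assumed: 1e9 HMAC/s of search capacity and 100,000 iterations.
    for label, bits, days in report(1e9, 100_000):
        print(f"{label:28s} {bits:6.1f} bits  {days:12.3g} days")
```

Doubling the iteration count only doubles each figure, while adding characters or words multiplies it, which is why the strength of the master password dominates the result.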
Passwords not leaked due to encryption, but user names leaked, right?
No, LastPass Didn't Expose Your Passwords
Yes, a LastPass website containing customer info was breached. But the hackers didn’t even come close to getting hold of your passwords.
https://www.pcmag.com/opinions/lastpass-didnt-expose-your-passwords
But who cares also about password? Still a breach issue. Or name or other private information isn't a security breach?
That is why I stay away from them.
Customer info is as important as passwords, billing address and much more.
At this point everyone's info is somewhere in a dumped SQL on the net. That's unavoidable nowadays.
Don't you receive calls from scammers that know part of your info?
Passwords, however, with good practices, can be kept secure.
Yeah you could probably make something like this with a VPS cluster and make it really reliable.