Bad news about KeePass. http://www.engadget.com/2016/06/04/keepass-wont-fix-security-hole-due-to-ads/
I never let apps autoupdate. This is not the first, nor the last case. http://news.softpedia.com/news/asus...s-over-http-with-no-verification-504880.shtml http://news.softpedia.com/news/leno...rator-app-amid-security-concerns-504810.shtml
What now? My master pass on LastPass is really strong, but... Just now I added multi-factor authentication by means of Authenticator. Exported and imported my accounts to: https://keepersecurity.com/en_GB/user-guides/guide-browser-extensions.html Am I missing an important element here?
LastPass details the problem and fix: https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ This is limited to the LastPass add-on for Firefox.
Already addressed by LastPass one year ago... Read the link in my previous post. EDIT: Ooops, I see that AutoCascade's post is gone now....
I didn't realize the 2nd report was a year ago. The author didn't share that part, unfortunately. The report by Taviso, though, was just a day or so ago, and LastPass responded quickly, but it also doesn't mean he's done finding holes in it.
This is a good example of how responsible disclosure should work. By the time you hear about the vulnerability, the issue is already fixed by the vendor. So kudos to Ormandy and the LastPass team.
Potentially some 1Password vulns to come next? Link: https://twitter.com/taviso/status/760231214812844032