Do You Trust LAST PASS

Discussion in 'other software & services' started by Rainwalker, Oct 20, 2014.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Also, Lastpass is the big boy.. If nobody has breached it yet, or have any hack beyond proof of concept, then it's very secure. It's the Chrome, Windows, and Norton of password managers. Considering some very impressive password, security, and cryptographers use it, that tells us a lot.. Those guys are paranoid. As I said I know some pentest guys, some pretty big ones. They all use it, and those guys are epic paranoid. They don't even use decorated passwords.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Some of my pentester friends and I disagree, they won't touch it and I have for a long time. But I know many professionals who do.
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    What's the reasoning for them not touching it? I know one security firm full of 'pros', and it's all they will use. The most paranoid guy at work uses Keepass, and then 'carries around' a USB stick with the database on it. Or sometimes photographs passwords before leaving for work. Ridiculous hassle level if you ask me, with probably no benefit to security.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    They just dislike the idea of having it stored elsewhere. I haven't really discussed it much with any of them in depth.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    The guy at work I mention - same way.. Doesn't like stuff stored 'elsewhere'. But the irony is, 'elsewhere' is probably more secure than on his stick, or photos on his iPhone.
     
  6. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    You can download all the passwords and encrypt that folder. Plus not keeping your banking and main email passwords on it.
     
  7. 142395

    142395 Guest

    Maybe you know malware using supersonic wave for communication too.
    I agree, most people are not aware of such espionage technologies and I don't think Snoden know or could bring out all of them. However I have to say completely blocking all of them is almost impossible if you're targeted by government agancies. At least it requires lots of money & help of experts, but that experts theirselves might be spy, even if you're very intimate with them! (most spy actually make or keep good personal relationship with victim)
    Snoden did? No, he managed to achieve exodus because many people including Russian gov helped him. If you are a good US citizen, completely block them is almost impossible.

    Aside from that, it is well possible LP includes many unknown vuln (including crypt one) and skilled attacker might circumvent all preventive measure by combining those exploits, but decoration method at least will give us a time to change those password as such incident will most likely make a fuss.
     
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Not supersonic, I think you mean ultrasonic? I am quite well appraised of ultrasonic spying methods, also more importantly - countermeasures. Cavitation scrambling, ultrasonic saturation, whereas you saturate the ultrasonic bandwidths of a room so monitoring won't be effective, morphing the frequency to keep a stable frequency from being parsed away from the content they desire. 60hz home electrical wiring can be used to spy, a stable 60hz line - any variances of that link parsed, converted to actionable sigint, even subtle frequencies. Line conditioners (KVAR/Capacitor) prevent, and in many cases totally eliminate this from working.

    A bit more back on topic:

    But I agree, unless you invest the time/money, or have the right people on your side then there is little chance you can completely block them. Sheryl Atkinson found out how hard that is after she hired some techs to examine how she was being intercepted. Redundancy is a key for them, they want 5, 10, even 20-40+ methods to screw someone over. That's why NYT was hit with 40 pieces of malware at once so if a few are found, they still options. What most people can do is ameliorate the damage, and reduce their surface exposure. Simple things like encryption (not simple SSL heh), and strong passwords are a first step of course. Social engineering, public domain intelligence, and sigint all play into it. But the real problem with people these days are the first two. Those are ones where people need to be more cautious in my opinion. If the target is highly valued, then positioning social asset directly in the path of the objective is ideal of course, as you noted. You'd be surprised at how fast someone goes dark to them with simple encryption(not SSL, lol), and 'careful' moderation of social websites/interactions, and use of complex, rapidly changing passwords. Unless you tee-off someone really bad, it's unlikely your home is being saturated with ultrasonics, not impossible, but unlikely.
     
  9. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
  10. 142395

    142395 Guest

    Ah, sorry for my wrong direct-translated English!
    I meant malware which use ultrasonic for communication, but your showing about espionage technique and prevention is more interesting. So it's a kind of an approach "If you want to hide a leaf, hide it in forest", right?
    But well, as you suggested in the last sentence, it's unlikely I will be targeted and I don't want to spend my life in ultrasonic saturated room as it might have long-term effect on my health! :argh:lol.

    I also didn't know about Sheryl Atkinson's incident, thanks for info!
     
  11. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    LastPass has a free 6 month premium membership available. If you want to use a Yubikey for 2 stage authentication this is the way to go.


    https://lastpass.com/hbpromo.php?h=...ca94266e87768e0332f5470b1d0&n=Naritas Finance

    I always download all my passwords and encrypt that folder because imo worse than someone breaking in is me not being able to access my passwords. LastPass can't give them to you and there is a cookie or something that you can download but if that gets erased you may be out of well in my case about 800 passwords.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,088
    Location:
    USA
    Last edited: Dec 10, 2014
  13. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Yeah,it is still in beta,hopefully they fix the issue quickly:)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.