Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 31 Jul 2014, 20:24
All times are UTC - 4
 Forum index » Off-Topic Area » Security
lastpass compromised?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [5 Posts]  
Author Message
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Fri 06 May 2011, 05:19    Post subject:  lastpass compromised?
Subject description: Cloud security fails again . . .
 

Here is an example of Micky Mouse Security thinking . . .

I use the Lastpass service and it is a very good cloud service that
allows you to use only one password
. . . well eh that is the theory . . .

I log in (correctly) with IcePuppy 008 - a pristine 'puppy pfix=ram'
so I want all my passwords and though I understand the risks Lastpass
is convenient. It auto logs into the forum, gmail etc once you have set it up

Only I can not because they MAY have been compromised
and their systems are busy resetting passwords

http://www.itpro.co.uk/633265/lastpass-passwords-compromised-in-possible-ironic-hack

and this friends is the 'cloud' in all its glory, security and convenience

Pah Evil or Very Mad
You may now laugh at my misery as I troll through my old fashioned password book . . . Wink

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
ShellyCat

Joined: 13 May 2011
Posts: 39
Location: USA

PostPosted: Tue 17 May 2011, 02:57    Post subject:    

Thanks for the news, Lobster! I use Xmarks and was thinking of getting LastPass, as well...but I think I'll pass!
_________________
Puppy Distro: pup-431JPqs3 "Quickset Puppy Linux (Japanese/English bilingual)"
Previous distros: Slackware (preferred), Fedora Core 6 (in school), Ubutntu (not much)
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 17 May 2011, 06:34    Post subject:  

ShellyCat wrote:
Thanks for the news, Lobster! I use Xmarks and was thinking of getting LastPass, as well...but I think I'll pass!


oops Xmarks? Did they take care of passwords too? I remember me was on Xmarks maybe one year ago but thought them only cared about my bookmarks. Could they have copied over the passwords from my Firefox without my knowing? Should I go there and try to delete everything?

I thought of getting Last pass too and the other competing services but felt unsure.

I hate my poor memory. one time it took me some two months or more to get the yahoo password back from my memory.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
ShellyCat

Joined: 13 May 2011
Posts: 39
Location: USA

PostPosted: Tue 17 May 2011, 08:09    Post subject:  

nooby wrote:
ShellyCat wrote:
Thanks for the news, Lobster! I use Xmarks and was thinking of getting LastPass, as well...but I think I'll pass!


oops Xmarks? Did they take care of passwords too? I remember me was on Xmarks maybe one year ago but thought them only cared about my bookmarks. Could they have copied over the passwords from my Firefox without my knowing? Should I go there and try to delete everything?


Hi nooby,

Yes, you could sync your passwords (remembered by your browser) with Xmarks, too, but you would have to select the option specifically. They don't do anything without you knowing. (It's completely irrelevant, except to your Xmarks password, if you didn't store passwords in your browser in the first place.)

I have no idea if the Xmarks security was breached as well...Xmarks was originally developed by someone else. The LastPass developers took over Xmarks later. Both server setup and the application can affect security, and I don't know if both apps are even on the same server (or different servers having the same setup).

Also, in Xmarks, you have the option to encrypt the log-in process, encrypt everything being uploaded/downloaded, or encrypt nothing at all (important since network sniffing is one way to steal passwords).

I don't see why you should delete everything...certainly not everything...not your bookmarks.

If you did sync your passwords to Xmarks, you could choose not to do so anymore, but I don't know if that deletes them from the server.

If you did sync your passwords to Xmarks, and you're concerned about it, contact the Xmarks developers for specific info. (Probably there is a link in the Add-Ons manager, but I am using Seamonkey right now so I can't tell you.)

_________________
Puppy Distro: pup-431JPqs3 "Quickset Puppy Linux (Japanese/English bilingual)"
Previous distros: Slackware (preferred), Fedora Core 6 (in school), Ubutntu (not much)
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 17 May 2011, 12:53    Post subject:  

oops, it is that bad. I guess it is already too late then.
I mean they already have them don't they? The guys that did the hack+

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [5 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0534s ][ Queries: 11 (0.0030s) ][ GZIP on ]