Sunday January 17, 2016

LastPass Vulnerable To Simple Phishing Attack

Those of you who use the password manager should check this out and take the necessary precautions.

I call this attack LostPass. The code is available via GitHub. LostPass works because LastPass displays messages in the browser that attackers can fake. Users can't tell the difference between a fake LostPass message and the real thing because there is no difference. It's pixel-for-pixel the same notification and login screen.