So in other words, the vault itself is not fundamentally flawed, but the design of the current extension doesn't proactively firewall against LastPass turning into a bad actor. Any such change would be publicly detectable, but could theoretically be targeted to avoid widespread notice. rogue employees, or via court order) there is a way that the extension could be made to upload your vault key back to LP if you click on certain things within the extension, namely some parts of the preferences, or something like that. The threat scenario described by the article: If someone within LastPass wanted to gain access to your passwords (e.g.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |