{"id":152211,"date":"2016-01-18T08:47:34","date_gmt":"2016-01-18T06:47:34","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=152211"},"modified":"2016-01-18T08:49:09","modified_gmt":"2016-01-18T06:49:09","slug":"lastpass-vulnerable-to-simple-phishing-attack","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/152211-lastpass-vulnerable-to-simple-phishing-attack.html","title":{"rendered":"LastPass vulnerable to simple phishing attack"},"content":{"rendered":"<p><a href=\"https:\/\/www.seancassidy.me\/lostpass.html\" target=\"_blank\"><strong>Security researcher Sean Cassidy has developed<\/strong><\/a> a simple attack against the LastPass password management service, and <strong><a href=\"https:\/\/github.com\/cxxr\/lostpass\" target=\"_blank\">published the code on Github<\/a><\/strong>.<\/p>\n<p>Cassidy said he discovered a phishing attack against LastPass that allows an attacker to steal a LastPass user&#8217;s email, password, and two-factor authentication code.<\/p>\n<p>This will give the attacker full access to all the victim&#8217;s passwords and documents stored in LastPass.<\/p>\n<p>\u201cI call this attack LostPass,\u201d said Cassidy. \u201cLostPass works because LastPass displays messages in the browser that attackers can fake.\u201d<\/p>\n<p>\u201cUsers can&#8217;t tell the difference between a fake LostPass message and the real thing because there is no difference. It&#8217;s pixel-for-pixel the same notification and login screen.\u201d<\/p>\n<h3 class=\"my-4\">More on\u00a0security<\/h3>\n<p><strong><a href=\"http:\/\/mybroadband.co.za\/news\/security\/129394-lastpass-hacked-you-need-to-change-your-master-password.html\">LastPass hacked \u2013 you need to change your master password<\/a><\/strong><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/125948-beware-of-these-tricks-criminals-use-to-steal-your-money-through-online-banking.html\"><strong>Beware of these tricks criminals use to steal your money through online banking<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/125080-top-internet-attack-traffic-revealed.html\"><strong>Top Internet attack traffic revealed<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researcher Sean Cassidy has developed a simple attack against the LastPass password management service.<\/p>\n","protected":false},"author":23,"featured_media":129396,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,31054,35019,35021],"class_list":["post-152211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-lastpass","tag-lostpass","tag-sean-cassidy"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/152211"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=152211"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/152211\/revisions"}],"predecessor-version":[{"id":152221,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/152211\/revisions\/152221"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/129396"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=152211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=152211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=152211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}