LastPass hit by password stealing and code execution vulnerabilities

LinuxSecurity.com: LastPass has closed a remote code execution vulnerability in its Chrome extension, but according to Google Project Zero researcher Tavis Ormandy, issues remain in its Firefox extension, and details on another password-stealing vulnerability are still to come. Writing in the Project Zero issue tracker, Ormandy said it was possible to proxy untrusted messages to LastPass.

From: Linux Security


US-CERT Warns That HTTPS Inspection Tools Weaken TLS

LinuxSecurity.com: HTTPS inspection tools are, in essence, a security team’s authorized man-in-the-middle attacker: they intercept encrypted SSL/TLS traffic, in order to, for example, search it for malware that uses HTTPS to connect to malicious servers. However, in an alert today, US-CERT warned that HTTPS interception weakens TLS security, advising that organizations “carefully consider the pros and cons of such products before implementing.”

From: Linux Security
