Password Privacy Issues With LastPass
This week has dealt a couple of nasty blows to privacy. LastPass, a widely used password storage system, has experienced a major vulnerability. The company has even advised users to stop using the in-browser plugin until the issue is resolved. The vulnerability was discovered by Tavis Ormandy, a security researcher at Google, who has since publicly cautioned users and advised LastPass of the issue (without broadcasting specifically what the issue is to the public).
If you are among those who trust LastPass, the recommended actions to take are:
- Launch sites directly from the LastPass Vault;
- Use two-factor authentication; and
- Beware of phishing attacks.
The company has been as transparent as can be reasonably expected about the issue, stating that,
We are now actively addressing the vulnerability. This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post-mortem once this work is complete.
Having Guns Is A Constitutional Right, Privacy Apparently Isn’t
Over in the US, Trump and the US Government have taken “big” steps towards maintaining their status as the ‘land of the free’. By which I mean, free if you’re a big corporation, as long as it’s at the expense of the average person.
Companies like Facebook and Twitter have had the right to collect, use or sell data at will, the argument being that people choose if they want to use the service. If they don’t like it, they can stop using it. Internet Service Providers (ISPs) weren’t afforded the same right, thanks to Obama’s “Protecting the Privacy of Customers of Broadband and Other Telecommunication Services” rule. Until now.
Thanks to a Bill that passed through Congress, and that Trump’s administration has vowed to sign, ISPs will be able to sell any information they desire. ISPs now have the rights to distribute financial information, health information, Social Security numbers, precise geo-location information, information pertaining to children, content of communications, web browsing history, application usage history, and the functional equivalents of web browsing history or application usage history.
This is worse news still for many Americans, simply because if their chosen ISP does abuse its new power, many are powerless to switch provider. Despite America being a global superpower, many areas of the country only have access to a single ISP. This seems remarkable, especially when this week India was able to launch a 1Gbps broadband service! That’s over 5 times faster than Virgin Media’s best offering of 200Mbps, which isn’t even all that widely available; my flat in London Zone 2 can’t get better than a 20Mbps provider (which is 1/50th of the speed).
Ultimately, people won’t notice a major difference from this new law; the reality is it will cause even more targeted advertising campaigns. As Jeffrey Chester, executive director of the Center for Digital Democracy (a privacy rights advocacy group), pointed out, ‘ISPs have a big target on their backs as repositories for new, proprietary information about Americans’ and ‘that this is a data breach in the waiting’. So the information would likely be made public, one way or another. But this doesn’t change the fact that people should have the right to choose, and if they wish to live a private life, they shouldn’t be denied that because American ISPs want to make a quick buck.