  1. #1
    Head Admin TeaLeaf

    One Login - breach

    If you use this addon, then you might need to be doing a bit of work.

    https://arstechnica.com/security/201...sed-decrypted/
    https://krebsonsecurity.com/2017/06/...-decrypt-data/
    TL.
    Wisdom doesn't necessarily come with age. Sometimes age just shows up all by itself. (Tom Wilson)
    Talent wins games, but teamwork and intelligence wins championships. (Michael Jordan)

  2. #2
    “Customer data was compromised, including the ability to decrypt encrypted data,”
    Not good. I'm no expert but would anyone really store a password vault somewhere where the storage owner had the facility to decrypt the vault, even for legitimate service based reasons? Again I'm no expert but a password file that can be decrypted anywhere other than my own device, using a password that lives anywhere other than inside my head isn't really a good idea. Hackers can have my password file if they like as it's encrypted with a password of 30+ characters and locked with Google 2 factor authentication.

    I'm sure corporations have needs different to mine but partnering with a company that keeps your stuff in their servers with the ability to decrypt it, even for legitimate reasons, seems daft.

  3. #3
    Galatoni
    Quote: Originally posted by smilodon
    Not good. I'm no expert but would anyone really store a password vault somewhere where the storage owner had the facility to decrypt the vault, even for legitimate service based reasons? Again I'm no expert but a password file that can be decrypted anywhere other than my own device, using a password that lives anywhere other than inside my head isn't really a good idea. Hackers can have my password file if they like as it's encrypted with a password of 30+ characters and locked with Google 2 factor authentication.

    I'm sure corporations have needs different to mine but partnering with a company that keeps your stuff in their servers with the ability to decrypt it, even for legitimate reasons, seems daft.
    What you describe is fairly standard. Sounds like a pretty big boo boo.

    "Forewarned is forearmed"
