straygecko Wrote:I reported this to Lastpass in July of last year and Lastpass has only logged me off a handful of times since then. I told them it was a serious security issue and they said they would pass on "my suggestion" that it was a security issue that needed to be fixed. Its a real problem when your security software vendor doesn't take security problem reports seriously. Its clear the issue isn't that its difficult to recreate its a lack of commitment on the part of Lastpass to thoroughly investigate bugs.
We are working to get a 'hotfix' released as soon as possible.
Unfortunately, this issue took a little longer to catch as the feature works correctly the first time or two before failing, so initial attempts to reproduce it in response to support tickets failed. If you have read the recent Lifehacker article you will see the author mentions he was unable to reproduce the issue too.
As soon as I have confirmation that the extension update is approved and being published I will post an update to this thread
Glenn Dobson | Community Leader, Social Support
jpenny84 Wrote:The main attack vector with this is casual access to an unlocked computer. Do you know what else someone with access to an unlocked computer that most likely has administrator rights can do? View and/or download all your personal files, install malware, browse through email and social media accounts, etc.
The bigger issue here is that people aren't password protecting their operating systems and locking them when not at the machine.
straygecko Wrote:I am well aware of computer security issues having worked in the field for decades. My computer is locked and password protected when I leave it. There is still no excuse for not taking reports of automatic logout not working seriously. Its purpose is different than locking the computer. Security breaches usually are a combination of errors and I expect security vendors to take bug reports for security features seriously so their error is not the one that adds to the possibility of a security breach.
Users browsing this forum: Google [Bot] and 89 guests