After PSN. Who's next?

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

After PSN. Who's next?

<< < (2/7) > >>

TheQwerty:
Briefer version of the LastPass post: They saw an increase in activity on their server network and from one of their databases, but have been unable to identify the cause and are thus treating it as an intrusion.

It's possible that an intruder got the server's salt, users' e-mail addresses and their salted master-password hashes. This means they could attempt to brute-force the hashes in the hopes of uncovering some passwords, use these to log in, and then would have access to the user's stored passwords.

To prevent this LastPass are forcing all users to reset their master-passwords, while they rebuild/verify the affected machines, and explore the anomaly.

It's nice to see LastPass taking the correct actions as Sony stumbles around for another month.

tomos:
Re LastPass:

I was not forced to change my master password, but I did. It proceeded to re-encrypt everything.
now though, when I log in, I'm getting this message:
-------------------------------------
An error has been encountered while loading your site
Please relogin
------------------------------------
it is recognising the new password - it actually briefly showed my page on one attempt, but with most text not showing & with some weird unicode characters. I dont even know if I have a backup of this stuff :-\ (but I did just recently import most of it from Roboform).
So I suspect a problem with their re-encryption...

40hz:
Happened to Ashampoo in April, although they took pains to let us know customer credit card information was supposedly not part of what got compromised.

Which data were stolen?

The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected, because our shop service contractors are concerned with this data and it is not stored on our system.
--- End quote ---

This is the letter they sent out to their customers.

OK...who's next? :-\

superboyac:
This is exactly why I go out of my way to avoid cloud services. Especially passwords...I don't see how people are comfortable storing ALL of their passwords in the cloud with another company. I don't care what they say about encryption and security...it just doesn't seem wise to me.

phitsc:
This is exactly why I go out of my way to avoid cloud services. Especially passwords...I don't see how people are comfortable storing ALL of their passwords in the cloud with another company. I don't care what they say about encryption and security...it just doesn't seem wise to me.
-superboyac (May 05, 2011, 08:57 AM)
--- End quote ---

The cloud is just so damn comfortable for certain things, especially for us geeks who are using multiple devices and computers.

But I agree with your concerns. Even if cloud service companies try to do everything to keep our stuff safe, there are still people operating these companies, and people just make mistakes. Also, while one can prove mathematically that encryption is safe, there is still all this technology around it that is not free of bugs.

Navigation

[0] Message Index

[*] Previous page

Go to full version