[HN Gopher] I'm sure LastPass setting the delete account to disp...
___________________________________________________________________
I'm sure LastPass setting the delete account to display: none was
coincidental
Author : detaro
Score : 150 points
Date : 2022-12-24 22:06 UTC (53 minutes ago)
(HTM) web link (infosec.exchange)
(TXT) w3m dump (infosec.exchange)
| darkstar999 wrote:
| Apparently they have never heard about the Streisand Effect.
| wyxuan wrote:
| * * *
| Johnny555 wrote:
| The title would make more sense with quotes around the CSS
| keywords:
|
| _I'm sure LastPass setting the delete account to "display:
| none" was coincidental_
| _the_inflator wrote:
| I got it right the first time. Too much time spent with CSS.
|
| Nevertheless you are right. Clarity is needed here.
| princevegeta89 wrote:
| Took me a while to understand. OP, you're encouraged to kindly
| make the CSS terminology stand out a little more obviously in
| the title.
| bigmattystyles wrote:
| I work at a large company and against the opinion of many
| engineers and infosec folks, LastPass was picked as our preferred
| corporate password storage. I'm just waiting for a call from
| infosec asking me to log on and to rotate a bunch of creds. Happy
| Holidays.
| jiggawatts wrote:
| Our new parent company -- that works in a security-sensitive
| industry -- rolled out LastPass over the last few months.
|
| I sent a warning letter to the CISO listing the previous hacks
| and vulnerabilities in LastPass.
|
| Then this new hack happened, and the CISO sent out a letter
| saying that there is nothing to be concerned about and that all
| is well.
|
| When the news broke that the breach was worse than predicted, I
| sent another letter to the CISO highlighting the concern.
|
| So far, I've had zero responses to any of my emails. Just radio
| silence. The cold shoulder treatment. Dogs barking in the
| distance. Etc...
|
| I'm starting to suspect that the CISO is getting some sort of
| kickback from LastPass, because he's doubling down with every
| breach on a bad decision.
|
| Has anyone else had any experience with LastPass offering
| outright bribes to senior staff to get sales? If I can point to
| a precedent, that would be helpful.
| jacksnipe wrote:
| He doesn't need to be getting a kickback. He probably just
| wants to spin as hard as he can that his poor choice did
| not cost the company a bunch of money.
| fabian2k wrote:
| I wouldn't suspect kickbacks immediately, simply trying to
| avoid blame for the initial decision seems motive enough.
| KMag wrote:
| It's human nature to repeatedly double-down on any strongly
| stated opinion until its defence becomes untenable. It takes
| repeated intentional practice to keep your ego in check.
| random_kris wrote:
| You are reading too much into it. Probably the CISO is busy with
| other things and cannot respond to everyone's smartass wishes.
| kortilla wrote:
| There is absolutely no reason to suspect kickbacks when there
| is already a massive incentive to not be seen as responsible
| for a massive blunder and waste of company resources.
|
| The moment some exec pushes for some tech or process change,
| they become incentivized to ignore all problems and sell it
| as a success.
| sys_64738 wrote:
| At my previous employer I remember saying don't do it with
| LastPass as the credentials will get stolen. The so-called tech
| lead said, "I hear what you're saying but it's been decided." I
| wonder what he is thinking now when he hears about this.
| Probably nothing.
| jiggawatts wrote:
| Senior LastPass manager: "Decrease customer churn!"
|
| Junior LastPass manager: "Okay!"
| danuker wrote:
| Christmas retention miracle
| erikrit wrote:
| I thought this was a joke, but it's actually true; just verified
| on my account...
| garganzol wrote:
| Is LastPass one of those password managers that only encrypt
| passwords and leave other data as is? I always cringe when
| password managers do that. This is a funny joke for anyone who
| understands even a little about cryptography.
| driscoll42 wrote:
| This is very frustrating... I operated with LastPass on the
| assumption that the other data was encrypted in there. So
| backup authentication codes stored. Alas, time to invalidate a
| bunch of crap.
| dividedbyzero wrote:
| I see why it's a bad idea, but what does that have to do with
| cryptography?
| mikechalmers wrote:
| I don't understand enough to know why it's a bad idea but
| cryptography is the practice and study of techniques for
| secure communication in the presence of adversarial
| behaviour, so this part seems clear to me.
| pram wrote:
| I spent last night resetting dozens of passwords and migrating
| everything into Keychain. Some observations:
|
| Keychain integration with 2fa codes is really nice. Passkeys are
| awesome and I wish more sites implemented this. So far I only saw
| Google and eBay?
| judge2020 wrote:
| > Passkeys are awesome and I wish more sites implemented this.
|
| 99% of the time, websites that allow you to use a "Security
| Key" or "Fingerprint" are using WebAuthn, which is all that's
| needed for PassKeys to work (besides a few sites that use a
| stricter WebAuthn config).
___________________________________________________________________
(page generated 2022-12-24 23:00 UTC)