[HN Gopher] I'm sure LastPass setting the delete account to disp...
___________________________________________________________________
I'm sure LastPass setting the delete account to display: none was coincidental

Author : detaro
Score  : 150 points
Date   : 2022-12-24 22:06 UTC (53 minutes ago)

(HTM) web link (infosec.exchange)
(TXT) w3m dump (infosec.exchange)

| darkstar999 wrote:
| Apparently they have never heard about the Streisand Effect.

| wyxuan wrote:
| * * *

| Johnny555 wrote:
| The title would make more sense with quotes around the CSS
| keywords:
|
| _I'm sure LastPass setting the delete account to "display:
| none" was coincidental_

| _the_inflator wrote:
| I got it right the first time. Too much time spent with CSS.
|
| Nevertheless you are right. Clarity is needed here.

| princevegeta89 wrote:
| Took me a while to understand. OP, you're encouraged to kindly
| make the CSS terminology stand out a little more obviously in
| the title.

| bigmattystyles wrote:
| I work at a large company and against the opinion of many
| engineers and infosec folks, LastPass was picked as our preferred
| corporate password storage. I'm just waiting for a call from
| infosec asking me to log on and to rotate a bunch of creds. Happy
| Holidays.

| jiggawatts wrote:
| Our new parent company -- that works in a security-sensitive
| industry -- rolled out LastPass over the last few months.
|
| I sent a warning letter to the CISO listing the previous hacks
| and vulnerabilities in LastPass.
|
| Then this new hack happened, and the CISO sent out a letter
| saying that there is nothing to be concerned about and that all
| is well.
|
| When the news broke that the breach was worse than predicted, I
| sent another letter to the CISO highlighting the concern.
|
| So far, I've had zero responses to any of my emails. Just radio
| silence. The cold shoulder treatment. Dogs barking in the
| distance. Etc...
|
| I'm starting to suspect that the CISO is getting some sort of
| kickback from LastPass, because he's doubling down with every
| breach on a bad decision.
|
| Has anyone else had any experience with LastPass offering
| outright bribes to senior staff to get sales? If I can point to
| a precedent, that would be helpful.

| jacksnipe wrote:
| He doesn't need to be getting a kickback. He probably just
| wants to spin as hard as he can that his poor choice did
| not cost the company a bunch of money.

| fabian2k wrote:
| I wouldn't suspect kickbacks immediately, simply trying to
| avoid blame for the initial decision seems motive enough.

| KMag wrote:
| It's human nature to repeatedly double-down on any strongly
| stated opinion until its defence becomes untenable. It takes
| repeated intentional practice to keep your ego in check.

| random_kris wrote:
| You are reading too much into it. Probably CISO is busy with
| other things and cannot respond to everyone's smartass wishes.

| kortilla wrote:
| There is absolutely no reason to suspect kickbacks when there
| is already a massive incentive to not be seen as responsible
| for a massive blunder and waste of company resources.
|
| The moment some exec pushes for some tech or process change,
| they become incentivized to ignore all problems and sell it
| as a success.

| sys_64738 wrote:
| At my previous employer I remember saying don't do it with
| LastPass as the credentials will get stolen. The so-called tech
| lead said, "I hear what you're saying but it's been decided." I
| wonder what he is thinking now when he hears about this.
| Probably nothing.

| jiggawatts wrote:
| Senior LastPass manager: "Decrease customer churn!"
|
| Junior LastPass manager: "Okay!"

| danuker wrote:
| Christmas retention miracle

| erikrit wrote:
| I thought this was a joke, but it's actually true; just verified
| on my account...

| garganzol wrote:
| Is LastPass one of those password managers that only encrypt
| passwords and leave other data as is? I always cringe when
| password managers do that. This is a funny joke for anyone who
| understands even a little about cryptography.

| driscoll42 wrote:
| This is very frustrating... I operated with LastPass on the
| assumption that the other data was encrypted in there. So
| backup authentication codes stored. Alas, time to invalidate a
| bunch of crap.

| dividedbyzero wrote:
| I see why it's a bad idea, but what does that have to do with
| cryptography?

| mikechalmers wrote:
| I don't understand enough to know why it's a bad idea but
| Cryptography is the practice and study of techniques for
| secure communication in the presence of adversarial
| behaviour, so this part seems clear to me.

| pram wrote:
| I spent last night resetting dozens of passwords and migrating
| everything into Keychain. Some observations:
|
| Keychain integration with 2fa codes is really nice. Passkeys are
| awesome and I wish more sites implemented this. So far I only saw
| Google and eBay?

| judge2020 wrote:
| > Passkeys are awesome and I wish more sites implemented this.
|
| 99% of the time, websites that allow you to use a "Security
| Key" or "Fingerprint" are using WebAuthn, which is all that's
| needed for PassKeys to work, (besides a few sites that use a
| stricter webauthn config).
___________________________________________________________________
(page generated 2022-12-24 23:00 UTC)