On 23 March 2012 23:36, Jason Todd <jtodd...@hotmail.com> wrote: > Guys, please read these (or listen to the podcasts): > http://www.grc.com/sn/sn-256.htm > http://www.grc.com/sn/sn-257.htm > > Things being said seem to conflict with what I learned from this episode of > security now on how lastpass works. Essentially: LastPass is very secure and > no one can access the data except the user.
LastPass may be secure today, but it is trivially easy for LastPass (or a hypothetical attacker who gains access to LastPass's infrastructure) to compromise that security simply by replacing the javascript code which does the client side encryption and decryption with some code that also passes the encryption key back up to the server (or wherever). -- Matt Wheeler m...@funkyhat.org -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss