[cryptography] LastPass have been hacked, so it seems.

Jeffrey Walton noloader at gmail.com
Tue Jun 16 21:56:32 EDT 2015


On Tue, Jun 16, 2015 at 9:24 AM, Givon Zirkind <givonne at gmx.com> wrote:
> keeping something safe in the cloud inherently requires trusting a third
> party.
> yeah, that says it all.

Right. And third parties cannot protect against the threat posed by
officers of the court/legal jurisdiction.

(Are National Security Letters considered in this threat, or are they
a new threat due to operating outside the law in the US?).

> cloud computing is good for non critical stuff and stuff you want ppl to see
> anyway.  like your web page.  even then, javascript injection jacking your
> page, blah, blah.
> if the cloud is not good for HIPAA, banks, financial institutions, that
> should be a clue.

Studies are showing medical data is less safe in the cloud. See, for
example, "Study: Healthcare Industry Contains Most Cloud Data
Breaches," http://talkincloud.com/cloud-computing-security/06152015/study-healthcare-industry-contains-most-cloud-data-breaches.

And remember, Apple moved user Keychains to its iCloud and they were
subsequently breached. Apparently, Apple does not feel it's important
enough to ensure it meets its own secure coding standards or properly
QA it. Confer, CVE-2015-1065.

Jeff

> Sent: Monday, June 15, 2015 at 6:46 PM
> From: Moti <m at cyberia.org.il>
> To: cryptography at randombit.net
> Subject: [cryptography] LastPass have been hacked, so it seems.
> I always had my doubts about keeping my passwords in the cloud.
> Let's hope for LastPass users that their data is as secure as LastPass
> claims it is.
> No reason to think otherwise of course, but still. If I read correctly
> between the lines, some people's (sensitive) data may be in the wrong hands.
> I mean, what if Chinese hackers got it? (Yeah, it feels like I sound a bit
> paranoid, but in this day and age, Chinese hackers are actually a thing:)
> are we sure that the Chinese government don't have enough computing power to
> unhash whatever was taken?
> just saying...
> https://blog.lastpass.com/2015/06/lastpass-security-notice.html/
>

