Security - Channel Insider

Empowering the next generation Channel

Home

Security

Network Anomoly Sparks Password Concerns for LastPass Users

[ci] deep dives:

Managed Services Distribution Careers Linux and Unix Computer Networking Printers Security SMB Partner Storage Surveys Solution Builder Messaging/Collaboration Dell Reseller Microsoft Partner

Network Anomoly Sparks Password Concerns for LastPass Users

in Security

DATE: 2011-05-06 | By Channel Insider Staff

Article Rating:

/ 3
Article Views: 4034

More Security Coverage

<<Previous Security News Next Security News >>

Online password manager LastPass notified customers of a potential breach that requires them to change their master passwords immediately.

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

An “anomaly” in the network traffic has prompted online password manager LastPass to notify its customers of a potential security breach that requires them to immediately change their master passwords.

Administrators noticed a “network traffic anomaly” that lasted a few minutes from a “non-critical” machine on May 3, LastPass wrote on its blog on May 4. Most anomalies generally turn out to be an employee poking around or an automated script executing a process.

After some more digging, the team discovered a matching anomaly in which more traffic was sent from the database compared to what was actually received by the server. The team was able to gauge roughly the amount of data that had been stored, calculated that it was big enough to have transferred user email addresses along with the server “salt and salted” password hashes from the database. The amount of data taken wasn’t “remotely enough” to have pulled many users’ encrypted data blogs, according to LastPass.

“We’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed,” the LastPass team wrote.

Salts are randomly generated bits of data that is combined with a password before generating a cryptographic hash, which is saved in the database. Using a salt generally makes it harder for attackers to brute-force a password. Using a salt expands the storage and computing power required to create a rainbow table, or a precomputed lookup table containing hash values of dictionary words and a salt. So conventional wisdom says it is not feasible to crack passwords protected in this way. However, there have been recent reports of hackers leasing resources from Amazon EC2 to crack passwords.

As a result, if the user selected a strong, non-dictionary-based password or passphrase for the master password on LastPass, the potential threat is very small because it’s unlikely the attacker would be able to brute-force its way to gain access to other accounts, according to LastPass.

“Unfortunately not everyone picks a master password that’s immune to brute forcing,” the team wrote.

For more, read the eWEEK article: LastPass Forces Master Password Reset After Detecting Network Anomaly.

comments dic



	>>> More Security Articles >>> More By Channel Insider Staff

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Follow @ChannelInsider
< Prev | Next >

about 6 hours agoAssessing the Impact of HP Layoffs - HP needs channel partners to help put some distance between it all the drama ... http://t.co/2H0Gq8HJ
about 7 hours agoThin Client Opportunity Gets Richer for the Channel - IT organizations are rethinking client strategy in the age of ... http://t.co/JxUbh24m
May 23rd 4:38 PMPutting a Channel Face on the Cloud - Amazon, Google and others may leverage the channel to compete more aggressivel... http://t.co/RUeo9iT5
May 22nd 10:41 PMExpanding the Reach and Scope of Desktop Virtualization - VMware moves to acquire Wanova - VMware has set out to ... http://t.co/Ad020fhT
May 22nd 8:58 PMConsidering the IBM Watson Possibilities - IBM looks to the channel to help find new use cases for cognitive computi... http://t.co/CAljVbac
May 22nd 8:54 AMVariations on a Cloud Storage Theme in the Channel - EMC expands focus on the cloud via a channel that is wrestling ... http://t.co/MORSpkkb
May 21st 10:43 AMRightsizing the Cloud Service Provider - Cloudbursting will alter the way the channel thinks about cloud computing i... http://t.co/eZ33qdKE
May 17th 6:39 PMThe Future of IT Services - Automated managed services are transforming the way IT services are delivered - Histo... http://t.co/w4zvAS8u
May 17th 12:39 PMRising to the Cloud Application Management Challenge - BetterCloud previews management tool for Google Apps environm... http://t.co/KzhO7FlP
May 16th 11:00 AMPlaying the IT Services Name Game - HP expands ability of partners to deliver branded services as part of effort to ... http://t.co/XU3QOnKz

[ci] feeds

Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

CHANNEL SPONSORED RESOURCE CENTER

Start the New Year with business intelligence—it’s a smart move
Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself.
Click Here

Security and Availability Essentials for Running Your Business in the Cloud
Are you moving to the cloud? Find out what every IT professional should know about security and availability before moving to the cloud. Hear what a security provider’s own CSO has to say.
Watch Video

New Tool Analyzes Data Without Bias

A new algorithm automatically identifies relationships between variables to help reduce researcher prejudice.
Click Here

Channel Insider:

Security:
Network Security
Enterprise Networking
Infrastructure Security
How To: Data
IT Security News
Security Watch Blog
Secure Channel Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
Computer Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Complementary Magazine Subscriptions

Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Publish Online
Web Buyers Guide

Developer Websites:
Microsoft DevSource
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 5

Network Anomoly Sparks Password Concerns for LastPass Users

More Security Coverage

Online password manager LastPass notified customers of a potential breach that requires them to change their master passwords immediately.

Related Content

Follow @ChannelInsider < Prev | Next >

Follow @ChannelInsider
< Prev | Next >