
Povratak   PC Ekspert Forum > Računala > Software > Aplikacije

Staro 18.01.2022., 12:47   #91
Datum registracije: Oct 2008
Lokacija: Dbk
Postovi: 1,096
Ispod su dva linka sa jednom i drugom stranom priče, ali LastPass je u zadnje vrijeme jako sumnjiv servis i bilo bi ga pametno napustiti dok se još može bez većih problema.
Isto vrijedi i za Authy i sve ostale servise koji ne nude export podataka, seedova i svega ostalog potrebnog za korištenje drugog servisa.
Night je offline   Reply With Quote
Staro 25.08.2022., 23:26   #92
The Exiled
Moj komp
The Exiled's Avatar
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 7,064
LastPass developer systems hacked to steal source code
Password management firm LastPass was hacked two weeks ago, allowing threat actors to steal the company's source code and proprietary technical information. The disclosure comes after BleepingComputer learned of the breach from insiders last week and reached out to the company on August 21st without receiving a response. Sources told BleepingComputer that employees were scrambling to contain the attack after LastPass was breached. After requests for information, LastPass released a security advisory today confirming that the company was breached through a compromised developer account that was used to access the company's developer environment.

While LastPass says there is no evidence that customer data or encrypted password vaults were compromised, the threat actors did steal portions of their source code and "proprietary LastPass technical information." LastPass has not provided further details regarding the attack, how the threat actors compromised the developer account, and what source code was stolen. LastPass is one of the largest password management companies in the world, claiming to be used by over 33 million people and 100,000 businesses. As consumers and businesses use the company's software to store their passwords securely, there are always concerns that if the company was hacked it could allow threat actors access to stored passwords.

However, LastPass stores passwords in 'encrypted vaults' that can only be decrypted using a customer's master password, which LastPass says was not compromised in this cyberattack. Last year, LastPass suffered a credential stuffing attack that allowed threat actors to confirm a user's master password. It was also revealed that LastPass master passwords were stolen by threat actors distributing the RedLine password-stealing malware. Due to this, it is vital to enable multi-factor authentication on your LastPass accounts so that threat actors won't be able to access your account even if your password is compromised.
Izvor: BleepingComputer
AMD Ryzen 7 Pro 4750G | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
AMD Ryzen 5 7600 | Noctua NH-U12A | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x10TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
The Exiled je online   Reply With Quote
Oglasni prostor
Staro 26.08.2022., 06:16   #93
Moj komp
SPLiFF's Avatar
Datum registracije: Dec 2004
Lokacija: Osijek
Postovi: 2,031
Evo jedne dobre alternative, SafeInCloud koristim 8 godina, bazu držim na svom cloudu, desktop app je free a iOS se plaća jednokratno, lijepo izgleda, ekstenzije rade dobro i ima jako puno mogućnosti personalizacije unosa poput KeePass-a.

Inače paralelno koristim i Dashlane ali samo zato što nisam bio svjestan da SafeInCloud ima 2FA + ne plaćam ga (uvalio se u family).
SPLiFF je offline   Reply With Quote
Staro 29.08.2022., 09:16   #94
Datum registracije: Oct 2008
Lokacija: Dbk
Postovi: 1,096

Fino, sad ćemo znati koliko je siguran kad netko temeljito analizira taj kod. Ako je sve pravilno dizajnirano i implementirano onda curenje koda ne bi trebalo imati nikakav utjecaj na sigurnost korisničkih podataka. Ali ako nije ...
Night je offline   Reply With Quote
Staro 01.12.2022., 11:07   #95
The Exiled
Moj komp
The Exiled's Avatar
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 7,064
Nastavak priče dodatno potvrđuje da LastPass i sigurnost nemaju veze s vezom.
Lastpass says hackers accessed customer data in new breach
LastPass CEO Karim Toubba has revealed that the password manager has been breached again. Toubba said the company detected an unusual activity within a third-party cloud storage service that it shares with its parent company GoTo, which was formerly known as LogMeIn. To investigate the incident, LastPass has teamed up with security firm Mandiant. Together, they've determined that the unauthorized party got into LastPass' cloud service by using information obtained from the security breach it suffered in August this year. Further, they've discovered that the bad actor was able to access "certain elements" of its customers' information.
Izvor: Bleeping Computer
AMD Ryzen 7 Pro 4750G | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
AMD Ryzen 5 7600 | Noctua NH-U12A | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x10TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
The Exiled je online   Reply With Quote
Staro 01.12.2022., 11:18   #96
Moj komp
prileee's Avatar
Datum registracije: Oct 2009
Lokacija: Split
Postovi: 2,293
Ako (uopce) postoji jos netko tko nije migrira na bitwarden ili neku drugu opciju - vrime je.
prileee je offline   Reply With Quote
Staro 01.12.2022., 11:22   #97
Moj komp
Libertus's Avatar
Datum registracije: Jul 2017
Lokacija: Ramura
Postovi: 2,569
Imate Mozilla Sync tj. Firefox Sync.
Vaše lozinke kriptirane vašom glavnom lozinkom. Mana, ako ju zaboravite, bye bye lozinke.
Libertus je offline   Reply With Quote
Staro 01.12.2022., 11:35   #98
The Exiled
Moj komp
The Exiled's Avatar
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 7,064
Da, u ovom trenutku sve je bolje od LastPass i sl. pizdarija. Firefox Sync sam složil mami za njezine sitnice, a glavna lozinka je još dodatno spremljena u KeePass.
AMD Ryzen 7 Pro 4750G | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
AMD Ryzen 5 7600 | Noctua NH-U12A | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x10TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
The Exiled je online   Reply With Quote
Staro 01.12.2022., 12:48   #99
Buying Bitcoin
Moj komp
Neo-ST's Avatar
Datum registracije: Feb 2007
Lokacija: Croatia
Postovi: 8,036
Najbolja alternativa Lastpass-u ?
Neo-ST je offline   Reply With Quote
Staro 01.12.2022., 12:53   #100
Moj komp
vlatko27's Avatar
Datum registracije: Oct 2007
Lokacija: Zagreb
Postovi: 703
Bitwarden. Ili Keepass ako hoćeš malo više DIY.
vlatko27 je online   Reply With Quote
Oglasni prostor
Staro 01.12.2022., 15:39   #101
Buying Bitcoin
Moj komp
Neo-ST's Avatar
Datum registracije: Feb 2007
Lokacija: Croatia
Postovi: 8,036
Autor vlatko27 Pregled postova
Bitwarden. Ili Keepass ako hoćeš malo više DIY.
Po čemu je npr. Bitwarden bolji od Lastpass? Oboje koriste istu metodu enkripcije koliko vidim, zero-knowledge.
Neo-ST je offline   Reply With Quote
Staro 01.12.2022., 15:55   #102
The Exiled
Moj komp
The Exiled's Avatar
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 7,064
Da, ali LastPass to ima samo na papiru kaj se enkripcije tiče, dok ih se uredno hakira, a oni se u međuvremenu prave Englezi i rade ko zna kaj s podacima svojih korisnika kojima svako malo smjeste pušku, podignu cijene ili ih općenito tjeraju na kompromise. BitWarden je višestruko provjereno open-source rješenje koje svatko može, ako želi lokalno podesiti, bez da se kao u LastPass slučaju netko treći ili općenito posrednici miješaju u cijelu priču. Imaš unatrag par stranica sve još dodatno detaljno, pa provjeri, ali kak god se okrene, sve je bolje od LastPassa, bilo lokalni KeePass, BitWarden ili nešto u tom stilu.
AMD Ryzen 7 Pro 4750G | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
AMD Ryzen 5 7600 | Noctua NH-U12A | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x10TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
The Exiled je online   Reply With Quote
Staro 01.12.2022., 16:49   #103
Moj komp
xlr's Avatar
Datum registracije: Sep 2007
Lokacija: PU
Postovi: 9,193
Lokalno hostani Bitwarden (Docker) mi je zasad vec godinu dana vrh i radi bez greske. Prije toga sam duuugo koristio gotovo/njihovo rjesenje (free plan).

Koristim ga na vlastitoj domeni, zena i ja imamo odvojene accounte, 2FA i fail2ban podeseni. Moze se podesiti i enkriptirani automatizirani backup za slucaj da recimo host prdne u rosu.
Keep calm and fastboot oem unlock.
xlr je offline   Reply With Quote
Staro 01.12.2022., 16:54   #104
Buying Bitcoin
Moj komp
Neo-ST's Avatar
Datum registracije: Feb 2007
Lokacija: Croatia
Postovi: 8,036
Postoji li neki jednostavan način kako prebacit zilijun logina i passova sa Lastpass u Bitwarden?
Neo-ST je offline   Reply With Quote
Staro 01.12.2022., 16:55   #105
Moj komp
prileee's Avatar
Datum registracije: Oct 2009
Lokacija: Split
Postovi: 2,293
Da, prebacis sve u 15 min.

Export na lastpassu, import u bitwarden. Rucno san pribacia neke notes od security kodova sta san ima iz last pasaa ako se varam al sve relativno ekspresno obavljeno.

Sent from my iPhone using Tapatalk
prileee je offline   Reply With Quote
Staro 01.12.2022., 16:56   #106
Moj komp
IHrvojeI's Avatar
Datum registracije: Sep 2016
Lokacija: Pag
Postovi: 1,175
Autor Neo-ST Pregled postova
Postoji li neki jednostavan način kako prebacit zilijun logina i passova sa Lastpass u Bitwarden?
al ne postoji export u Lastpassu i import u bitwardenu? Mora bit, jer sam ja to odradio pred koju god kad je isto bilo neko sranje. Sad sam na authenticoru od MS-a koji je za mene OK.
Hvalite me usta moja...: 1,2,3,4,5,6,7,8,9,10...
IHrvojeI je offline   Reply With Quote
Staro 01.12.2022., 17:02   #107
Moj komp
pdx's Avatar
Datum registracije: Dec 2009
Lokacija: krk
Postovi: 485
A sto kad ste prebacili na bitwarden, delete baze na last pass ?
pdx je offline   Reply With Quote
Staro 01.12.2022., 17:26   #108
Moj komp
prileee's Avatar
Datum registracije: Oct 2009
Lokacija: Split
Postovi: 2,293
Da, ima opciju brisanja accounta i svega tamo.

Sent from my iPhone using Tapatalk
prileee je offline   Reply With Quote
Staro 01.12.2022., 18:34   #109
The mighty pirate
Moj komp
1v@n's Avatar
Datum registracije: Sep 2007
Lokacija: London
Postovi: 8,748
Povećali su broj ljudi koje mogu ubaciti u Dashlane Family.

Imam 7 slobodnih mjesta, pa ako je netko zainteresiran, nek se javi.

Trenutno nas je troje, godina je 60 dolara, pa dijelimo po broju korisnika.

Imate ovdje detalje

Zadovoljan već godinama, bez prigovora. Radi na svim OS-ovima i svim browserima.

CPU: Intel Core i7 8809G
MBO: Intel NUC8i7HVK
RAM: 2x16GB Crucial DDR4 2400
GPU: Radeon™ RX Vega M GH

SSD: 2x Samsung 970 Evo Plus 500 GB M.2
Periferija: Microsoft Sidewinder X6, Logitech Performance MX
OS: Windows 10 Pro x64
1v@n je offline   Reply With Quote
Staro 01.12.2022., 19:55   #110
Moj komp
bAKeth's Avatar
Datum registracije: Oct 2016
Lokacija: .
Postovi: 57
Tek nedavno mi se javila potreba za nekim password managerom. Nakon malo istraživanja se odlučio za Bitwarden umjesto LastPassa i vidim da sam dobro odlučio.
bAKeth je offline   Reply With Quote
Staro 02.12.2022., 07:59   #111
Moj komp
SPLiFF's Avatar
Datum registracije: Dec 2004
Lokacija: Osijek
Postovi: 2,031
Autor 1v@n Pregled postova
Povećali su broj ljudi koje mogu ubaciti u Dashlane Family.

Imam 7 slobodnih mjesta, pa ako je netko zainteresiran, nek se javi.

Trenutno nas je troje, godina je 60 dolara, pa dijelimo po broju korisnika.

Imate ovdje detalje

Zadovoljan već godinama, bez prigovora. Radi na svim OS-ovima i svim browserima.
Same here
nikad problema
gratis VPN za povremeno korištenje

Nositelji family plana ne mogu baš ništa s vašim accountom osim izbaciti ga iz obitelji, tako da je skroz sigrurno uvaliti se kod nekoga
SPLiFF je offline   Reply With Quote
Staro 02.12.2022., 10:16   #112
Datum registracije: Oct 2008
Lokacija: Dbk
Postovi: 1,096
Autor bAKeth Pregled postova
Tek nedavno mi se javila potreba za nekim password managerom. Nakon malo istraživanja se odlučio za Bitwarden umjesto LastPassa i vidim da sam dobro odlučio.

Bitwarden je open source, a Lastpass svoj programski kod krije kao zmija noge. Tako da ti je to već bilo dovoljno za donijeti tu (ispravnu) odluku.
Night je offline   Reply With Quote
Staro 02.12.2022., 11:03   #113
Moj komp
vlatko27's Avatar
Datum registracije: Oct 2007
Lokacija: Zagreb
Postovi: 703
Bitwarden je fantastično rješenje i plaćam 10$ premium samo da ih podržim. Godinama sam koristio free na svim uređajima i nevjerojatno je šta nude besplatno naspram konkurencije.
vlatko27 je online   Reply With Quote
Staro 02.12.2022., 11:43   #114
Moj komp
pdx's Avatar
Datum registracije: Dec 2009
Lokacija: krk
Postovi: 485
Eto ga, dobio i Lastpass perm delete. Bitwarden here we go
pdx je offline   Reply With Quote
Staro 03.12.2022., 16:54   #115
Moj komp
Ico2005's Avatar
Datum registracije: Apr 2006
Lokacija: Slavonija ravna
Postovi: 452
također... bitwarden, lastpass upravo trajno obrisan
Ico2005 je offline   Reply With Quote
Staro 23.12.2022., 12:17   #116
The Exiled
Moj komp
The Exiled's Avatar
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 7,064

Firma koja već skoro dvije godine radi suprotno od sigurnosti, napokon priznaje ono kaj je bilo očito od samog početka.
LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. This follows a previous update issued last month when the company's CEO, Karim Toubba, only said that the threat actor gained access to "certain elements" of customer information. Today, Toubba added that the cloud storage service is used by LastPass to store archived backups of production data. The attacker gained access to Lastpass' cloud storage using "cloud storage access key and dual storage container decryption keys" stolen from its developer environment.
AMD Ryzen 7 Pro 4750G | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
AMD Ryzen 5 7600 | Noctua NH-U12A | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x10TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
The Exiled je online   Reply With Quote
Staro 25.12.2022., 19:47   #117
Registered User
Datum registracije: Dec 2008
Lokacija: zadar
Postovi: 55
Baš mi je drago da nisam imao posla sa lastPass-om. Igrom slučaja sam odabrao Bitwarden i ovaj put u potpunosti pogodio. Mislim ljudi čak plate pro verziju samo na ih podrže, što više dodati...
NoNic2 je offline   Reply With Quote
Staro 15.01.2023., 13:03   #118
The Exiled
Moj komp
The Exiled's Avatar
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 7,064
Još jedan probijeni password manager koji dolazi od firme koja u svoja "antivirusna rješenja" stavlja opciju rudarenja kriptovaluta.
NortonLifeLock warns that hackers breached Password Manager accounts
Gen Digital, formerly Symantec Corporation and NortonLifeLock (1 - 2), is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms. "Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said. "This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts. The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk. By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.

For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults. Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more. NortonLifeLock underlines that the risk is especially large for those who use similar Norton account passwords and Password Manager master keys, allowing the attackers to pivot more easily.
Izvor: BleepingComputer
AMD Ryzen 7 Pro 4750G | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
AMD Ryzen 5 7600 | Noctua NH-U12A | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x10TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
The Exiled je online   Reply With Quote
Staro 25.01.2023., 14:59   #119
The Exiled
Moj komp
The Exiled's Avatar
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 7,064
LastPass saga je sve bolja i bolja.
LastPass parent company GoTo suffers data breach, customers' backups compromised
LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro,, Hamachi, and RemotelyAnywhere products, the company said. "The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan said.

Additionally, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated. The company did not disclose how many users were impacted, but said it's directly contacting the victims to provide additional information and recommend certain "actionable steps" to secure their accounts. GoTo has also taken the step of resetting the passwords of affected users and requiring them to reauthorize MFA settings. It further said it's migrating their accounts to an enhanced identity management platform that claims to offer more robust security.

The enterprise software provider emphasized that it does store full credit card details and that it does not collect personal information such as dates of birth, addresses, and Social Security numbers. The announcement comes nearly two months after both GoTo and LastPass disclosed "unusual activity within a third-party cloud storage service" that's shared by the two platforms. LastPass, in December 2022, also revealed that the digital burglary leveraged information stolen from an earlier breach that took place in August and enabled the adversary to steal a massive stash of customer data, including a backup of their encrypted password vaults.
Izvor: The Hacker News
AMD Ryzen 7 Pro 4750G | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
AMD Ryzen 5 7600 | Noctua NH-U12A | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x10TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
The Exiled je online   Reply With Quote
Staro 25.01.2023., 17:01   #120
Registered User
kvaju's Avatar
Datum registracije: Jan 2008
Lokacija: Cirkus
Postovi: 633
Imao sam prije LastPass, i prije nekih 5 godina sam prešao na Bitwarden.
Nisam odmah brisao LP, dok se ne uvjerim da je BW ok, i da šifre budu tu još neko vrijeme.

No kako BW radio ok, smetnuo sam obrisati skroz LP, tek neki dan sam se logirao u LP i obrisao račun.

Šta bi radili na mom mjestu, da mjenjam šifre jer sam radio export iz LP u BW kada sam prelazio?

Sent from my Pixel 7 using Tapatalk
kvaju je offline   Reply With Quote
Oglasni prostor

Pravila postanja
Vi ne možete otvarati nove teme
Vi ne možete pisati odgovore
Vi ne možete uploadati priloge
Vi ne možete uređivati svoje poruke

BB code je Uključeno
Smajlići su Uključeno
[IMG] kod je Uključeno
HTML je Isključeno

Idi na