Notice of Recent Security Incident.......LastPass

I'm moving as fast as I can. The wind is rocking my house. It's amazing. It's the midst of a 'bomb cyclone' and I'm well and truly impressed with Mother Nature.
... and I am well and truly impressed that you still have connectivity. ;-)
 


Yup... My cell is out, barely loading pages. I'll be back, probably tomorrow.


That's the article.
 
Grab and hug Toto and your wife (I'll leave the order to you).

When you land, follow the yellow brick road, it runs past my place.

wizardfromoz
 
My cell is dropping the connection and reconnecting a few minutes later.

So, I'm not technically gone - but I'm gonna be gone before long. It's gonna happen.

I have to press the post reply button and wait, and wait, and wait - and then do it again.

We Mainers (there's a few of us) are getting hammered.
 
Well, that wasn't too bad. I think the batteries are worn out at the nearest tower. I'll call 'em on Monday.
 
Well, that wasn't too bad. I think the batteries are worn out at the nearest tower. I'll call 'em on Monday.
Eh don't bother. There are plenty of entitled nutjobs pressuring them to move their asses and get full service restored.
 
Eh don't bother. There are plenty of entitled nutjobs pressuring them to move their asses and get full service restored.

It'd be a bit of a safety issue for some folks near me - those who don't have land lines. If the tower's down, not even 911 will work. I'm on the last tower in this direction - for a long ways. If you drive past where I live, you'll lose cell service for at least an hour, but longer if you go another route.

Then, we lose power for long stretches and with great frequency. The longest I've seen the power go down was 14 days and 15 nights. That's what prompted me to do the wind and solar thing, along with the storage in the basement. So long as some sunshine gets through, and so long as the winds blow, I should have power. If that all fails, I have a 'house generator' that runs on diesel so is fine running off the heating oil.

I figure if my 'net goes down, I can at least watch movies and live in relative comfort.

Where I live is very remote, very windy, gets a goodly amount of snow, and is heavily forested. If we count all the little outages (six hours or less), we probably lose power once every two weeks during the winter and spring. I love it, but it does have some downsides.

This year, they've been pretty good about getting my power restored, but now the cell tower is going down within a few hours of mains power going down. It should have battery backup that will last for days, though some use generators.
 
I understand that. Being from the countryside myself, I know what its like when a tower goes down and there's no backup.

What I'm trying to tell you is there are spoiled brats and princesses out there yelling profusely at customer service that they are on the brink of a seizure because they haven't been able to access their social media accounts for more than 15 minutes.

Those screaming undeserving consumers of oxygen will do more to get your net back online than any amount of talking you could possibly muster. Just sit back, relax and let the clowns do all the work for you as there is likely nothing you can do to accelerate the repairs.
 
I've been using KeePass for a while, now. It works on Linux. Windows. And there's even an android app. My saved key database works just fine between all three.
 
 
I've been using KeePass for a while, now. It works on Linux. Windows. And there's even an android app. My saved key database works just fine between all three.
How do you share the keepassdb between devices and what if you are out of the house and are at work and want to log into a website on a pc at work where you need to login into a website for something personal?

I'm currenty using Bitwarden Premium but 'm also looking looking at trying to test a self hosting setup with VaultWarden
 
Last edited:
How do you share the keepassdb between devices and what if you are out of the house and are at work and want to log into a website on a pc at work where you need to login into a website for something personal?

I'm currenty using Bitwarden Premium but 'm also looking looking at trying to test a self hosting setup with VaultWarden
There's a file (a kdbx file) that I can transfer between devices. I keep a copy of my kdbx file in the cloud, so if I need to, I can install KeePass anywhere and grab and download the kdbx.
 
I keep a copy of my kdbx file in the cloud.
Still a cloud even though it's not a Password Manager cloud, but less of a target for hackers but still more of target since cloud accounts are still interesting enough for the attention of hackers since clouds contain more data to steal than something you self-host.
 
True, but they would first have to get the file, then decrypt the database. It's another layer
 
I don't think people here quite grasp the magnitude of the threat. Do you believe that those exfiltrated vaults are in the hands of a script kiddie who will attack the vaults one by one with their school Chromebook? ... and they (the vaults) will remain only in their hands?

I could say a lot more about it, but the best thing is to repeat myself yet again:
  • Change your Master Password now.
  • Change every password in your vault (both in the vault and the associated website) as quickly as you can. That means now.
  • Stop using internet-based password vaults.
The clock is ticking. You have been warned, multiple times.
 
I don't think people here quite grasp the magnitude of the threat. Do you believe that those exfiltrated vaults are in the hands of a script kiddie who will attack the vaults one by one with their school Chromebook? ... and they (the vaults) will remain only in their hands?

I could say a lot more about it, but the best thing is to repeat myself yet again:
  • Change your Master Password now.
  • Change every password in your vault (both in the vault and the associated website) as quickly as you can. That means now.
  • Stop using internet-based password vaults.
The clock is ticking. You have been warned, multiple times.
I got a better idea. Stop using that scam altogether. You're paying for something that isn't worth the gnawed bones of your last meal.
 
On the aftermath of LastPass data breach, a video on how to choose password manager:
 
On the aftermath of LastPass data breach, a video on how to choose password manager:
[YouTube video link, see above]
The video above is worth your time to watch whether you are a beginner or not.

I am very impressed with the organization and content of this video. I expected useless "influencer fluff" based on the image. I was wrong. Even if you are well-versed in the art, this is worth your time to watch, because it organizes the material so well.

If you must have criticism, then: (a) The video could have been shorter with the same content, and (b) Beginners may not understand all of the technical details. Beginners should watch it anyway.

(I do not recall ever recommending a video like this before. Paraphrasing a favorite quote: "YouTube is filled with thousands of videos on security. Hundreds of them are good." In my opinion this video is one of the few good ones. Ignore the "style" and focus on the content.)
 
I've always thought it was a dumb idea for anyone to store passwords on an online password account or use a password manager.

I'll stick to my old fashion way of keeping passwords which hasn't failed me yet.

Write them in a ledger and make a few copies a store them in different safe places which you can access easily if and when needed.
 
@sphen, I very much agree with your summation of that youtube video's content

(The narrator.....I would murder her before her voice drove me to distraction.)(jokeing!!)

The article/video...Very, very serious food for thought.
 
Last edited:

Staff online

Members online


Latest posts

Top