![]() ![]() It's pretty old, but it seems URLs are technically the only unencrypted field but there is a lot of other unencrypted metadata as well. I'll update it here if I hear anything further.Įdit 2: Friend of mine sent me this unofficial documentation of the vault format. I personally don't fully trust this answer. ![]() Take this with a grain of salt, but they said that website URLs were the only unencrypted field. I can think of 1000 ways to use this to make a very convincing phish (such as with a fake autofill), and that's before you do stuff like sniff the URLs for tokens or query params.Įdit: I talked to a LastPass support rep. Thanks for flying air /r/netsec || CISO AMA w/ Michael Coates & Rich Mason.r/vrd - Vulnerability Research and Development r/rootkit - Software and hardware rootkits r/REMath - Math behind reverse engineering r/netsecstudents - netsec for noobs students r/Malware - Malware reports and information r/crypto - Cryptography news and discussion We're also on: Twitter, Facebook, & Google + Related Reddits » Our fulltext list of prohibited topics & sources Social No populist news articles (CNN, BBC, FOX, etc.) » Our fulltext discussion guidelines Prohibited Topics & Sources » Our fulltext content guidelines Discussion Guidelinesĭon't complain about content being a PDF.įollow all reddit rules and obey reddiquette. Hiring posts must go in the Hiring Threads. Non-technical posts are subject to moderation. r/netsec only accepts quality technical posts. "Give me root, it's a trust exercise." Featured Posts A community for technical news and discussion of information security and closely related topics. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |