Notices by Eric Capuano (eric_capuano@infosec.exchange)

Embed this notice
Eric Capuano (eric_capuano@infosec.exchange)'s status on Sunday, 28-Jul-2024 00:40:51 JST Eric Capuano
in reply to
- Jake Hildreth (acorn) :blacker_heart_outline:
- Tyson, Chicken Rancher ?
@horse @tsupasat touché - I see your point.

In conversation about 4 months ago from infosec.exchange permalink
Embed this notice
Eric Capuano (eric_capuano@infosec.exchange)'s status on Saturday, 27-Jul-2024 06:18:37 JST Eric Capuano
in reply to
- Jake Hildreth (acorn) :blacker_heart_outline:
- Tyson, Chicken Rancher ?
@horse @tsupasat It's a default part of the OS install from what I understand. I am not aware of a standard Windows desktop/server flavor that ships without it, but I could be mistaken.

In conversation about 4 months ago from infosec.exchange permalink
Embed this notice
Eric Capuano (eric_capuano@infosec.exchange)'s status on Wednesday, 24-Jan-2024 17:02:47 JST Eric Capuano

Looking for tips/advice...
A friend of a friend had their Apple ID stolen via social engineering attack. Attacker changed the recovery email/phone number associated so the owner is completely locked out. Person is able to show purchase history proving account ownership but Apple is telling them to pound sand. 🤦
Anybody dealt with something similar and know how to get Apple to care enough to assist?

In conversation about 10 months ago from infosec.exchange permalink
Embed this notice
Eric Capuano (eric_capuano@infosec.exchange)'s status on Thursday, 30-Nov-2023 23:59:11 JST Eric Capuano

My #1 played song of the year... never gets old.
Start your Thursday with this banger.
https://open.spotify.com/track/3E29tmx9ACf8dboFA2pIIu?si=5208ed61f87d4706
In conversation about a year ago from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: i.scdn.co
  
  Aftergold - obli Remix
  
  Big Wild · Song · 2020
Embed this notice
Eric Capuano (eric_capuano@infosec.exchange)'s status on Saturday, 24-Dec-2022 17:08:59 JST Eric Capuano
Ok, I was tired of rumors speculating about which #LastPass fields appear to be encrypted client-side before being sent to LastPass, so I ran some tests of my own.
For a basic "Password" item, here is what I can tell so far.
When saving the item, the following primary fields are transmitted encrypted:
- Name
- Extra (Notes field)
- Username
- Password
- TOTP (not in this screenshot, but did test)
However, I also observed the following fields having a cleartext (hex) version in the payload as well:
- Name
- Username
- URL
- Folder Name (not hex)
So in other words, there is more than just the URL being transmitted to LastPass in the clear, which makes sense because LastPass' Admin console reveals login activity for all users which includes Name, Username, and URL of the login event; so naturally, these things must be transmitted and kept server-side outside of the vault. However, this once again does go against their "zero-knowledge of anything in your vault" marketing...
Screenshots of this test below. I have omitted the encrypted data to prevent revealing enough for a "Known Plaintext Attack" to derive a key, but the relevant pieces are visible.
If I am missing anything here, do let me know.
#LastPassHack #LastPassBreach
In conversation Saturday, 24-Dec-2022 17:08:59 JST from infosec.exchange permalink
Attachments
1. Screenshot of a LastPass vault item being saved, and the corresponding web request showing encrypted and unencrypted data in the payload.
  https://media.infosec.exchange/infosecmedia/media_attachments/files/109/567/093/075/081/987/original/d70ef321b75606ad.png

Public

Notices by Eric Capuano (eric_capuano@infosec.exchange)

User actions

Following 0

Followers 0

Groups 0

Statistics

Feeds