Lori A W ImdadMar 12, 2023
Just when you think you have a safe #passwordmanager this happens https://www.bleepingcomputer.com/news/security/bitwarden-flaw-can-let-hackers-steal-passwords-using-iframes/
I guess #nothingissafe. 🙃
I agree 100%
0%
Nah, it's not that bad
0%
I'm staying on the fence 50/50
0%
Poll ended at .
Bitwarden flaw can let hackers steal passwords using iframes

Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker.

BleepingComputer
Show threadtkteoMar 12, 2023
@shewritescyber we could set auto autofill to off regardless of which password manager is used.
Show threadLori A W ImdadMar 12, 2023
@tkteo: True, but the security breaches around password managers go beyond just autofill. For example CISA just warned about a Plex bug following the LastPass breach. For hackers breaching any of these is like winning the lotto.
Show threadtkteo

@shewritescyber ah! regarding LastPass and the role of the Plex RCE flaw and the devops and the lack of work and home devices segregation, yeah I have been following.

My belief, as stated in my mastodon profile, is indeed that there is no such thing as total security, no such thing as too secure -- I think we are in a continuum of insecurity.

So, yeah, I get your #nothingissafe stance, #everythinghassomeinsecurity , even air-gapping.

Mar 12, 2023 at 12:36pmWeb