Gadgetory

a couple of big flaws in a password manager are now fixed security researcher Matthias Carlson found a flaw in the password manager LastPass what he found was a bug that allowed him to get passwords due to last passes autofill function when you use the LastPass you have an option for the extension to automatically fill out your credentials Carlson found that LastPass would look at only part of a web address to determine whether to fill out forms so he tested it sure enough that top-level URL did not determine whether the last password autofill information the password manager could be fooled if a URL included other language in short a last fast user could have their information compromised by visiting a malicious site if they weren't paying attention to the address bar the researcher reported this at last pass and the issue was fixed in under a day LastPass says that all browser clients were updated and its users do not to do anything to be protected Carlson received a bug bounty of 1000 dollars many companies reward people for reporting bugs for example google says it typically pays from $500 to $100,000 for certain bug reports related to its browser chrome speaking of Google another bug was found by a Google security team researcher related to last passes Firefox add-on this flaw could allow remote control of a user's LastPass account the company has already pushed a fix to users if you use Firefox and you want to check if your updated you can go to LastPass calm slash LastPass FFX and a word of general advice pay attention to addresses in your browser that's it for this tech news update I'm Maya's akhtar and you can stay on top of the biggest stories at cnet.com slash of date