The Other Kind of Hacker: Video Game Developers and Cybersecurity

A few days ago, it was announced that action RPG and multiplatform Korean gacha Genshin Impact had had its anti-cheat driver weaponized by ransomware developers, thanks to a vulnerability that had been discovered back in October of 2020.

Which, I should point out, isn’t an entirely new phenomenon. There’s literally a Metsploit module designed to take advantage of a vulnerability in an anti-cheat driver Capcom used for the Street Fighter V on PC. All this has happened before, all this will happen again. (Hopefully with a better ending, though.)

Continue reading “The Other Kind of Hacker: Video Game Developers and Cybersecurity”

LastPass, You’re Still Making Security Worse

The thing about password managers is that a security issue there tends to be significantly more severe than with most another applications on a device. Even if you all you get is data exfiltration…well, you’re still exfiltrating some pretty fucking important data.

Which is why this story about trackers in LastPass for Android…is less than encouraging.

Continue reading “LastPass, You’re Still Making Security Worse”

LastPass, You’re Making Security Worse

Apparently the free tier for the LastPass password manager is taking away the ability to use both the desktop and mobile apps. If you want your passwords to be available on both your phone and your computer, you’ll have to start paying. Which I don’t think is a good thing overall. So, I’m going to use this opportunity to scream into the void at LastPass* and pretend they’ll notice, let alone care.

Look, LastPass, I get it. Until we finally usher in the glory that is Fully Automated Luxury Gay Space Communism, you’ll still need to pay your employees so that they can keep themselves in craft beer and fancy pizza. But yanking away features like that unless people pay you isn’t good for anyone long-term. Not if you’re removing those features from a password manager.

Continue reading “LastPass, You’re Making Security Worse”