Tag: Security

LastPass Breach… Is Your Data Safe?

As you may have heard, LastPass has been breached for the second time in three months. It is suspected that the second attack was by the same bad actor as the first, using information acquired during the initial breach.

Back in August 2022 LastPass said that an unauthorized party “gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information” and their security measures “prevented the threat actor from accessing any customer data or encrypted password vaults.”

LastPass posted a Notice of Security about this latest incident, saying: “We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

In an interview, LastPass CEO Karim Toubba said “We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.”

LastPass available on Windows, MacOS, and mobile devices.  Source: LastPass.com



According to LastPass, customer data was accessed by the attacker; however, user data is encrypted. The end user’s LastPass password is an integral part of that encryption process. This means that even LastPass should not have the ability to decrypt user data stored on their service.

How to protect yourself?

LastPass recommends (and has done so for a very long time) that all users turn on multi-factor authentication for account access. This will effectively eliminate the risk of unauthorized access to customer data.


It is also recommended to not allow the LastPass mobile app or browser plug-ins to remember your password, as this creates a major vulnerability to anyone with access to that computer or mobile device.

Permanent link to this article: https://www.robertborges.us/2022/12/news/lastpass-breach-is-your-data-safe/

Azure Site-to-Site VPN

Microsoft Azure gateway objects give the ability to configure site-to-site or device-to-site VPN (virtual private network) connections. With a site-to-site VPN, your physical network will be connected to your Azure hosted virtual network. This is an easy way to create a hybrid cloud environment, where some of your servers are on your local network, and some hosted as Azure Virtual Machines. Setting up a site-to-site network will allow these servers to communicate with each other, and allow client workstations to communicate with the Azure hosted Virtual Machines as if they were locally on your LAN.

Permanent link to this article: https://www.robertborges.us/2016/03/cloud-computing/azure-site-to-site-vpn/

Bring Your Own Device (BYOD): Is BYOD Bad for Your Company?

Microsoft Surface RT Tablet


Until recently when we thought of computing devices, we usually thought of PCs and laptops. Today, with tablets and smart phones selling in the millions on opening weekend, we have a very different picture of what a computing device is.

If you’re not familiar with it, BYOD (Bring Your Own Device) is the idea of using a consumer computing device (such as an iPad or Surface RT tablet) to get work done, either in the office, at home, or on the road. Most of these devices were not designed to “get work done”, but instead to consume content (ex: checking email, reading news websites/apps, etc.). These devices are not managed, and may not have even the most basic security features enabled. This can spell disaster for any corporate network.

Permanent link to this article: https://www.robertborges.us/2012/11/cloud-computing/bring-your-own-device-byod-is-byod-bad-for-your-company/

Preventing Pop-ups and fake security

We have become so dependent on this electronic world we have built.  With such critical information as medical records and banking, it is imperative that we protect ourselves from the many cyber threats lurking at every turn.  

Common variants of these cyber threats are pop-ups and fake security applications (e.g., fake anti-virus, fake anti-spyware, and fake anti-malware). The best way to stop these threats is to prevent them from ever taking hold of your system in the first place.

Permanent link to this article: https://www.robertborges.us/2012/10/it-security/preventing-pop-ups-and-fake-security/

What is FOPE (Forefront Online Protection for Exchange)?

Forefront Online Protection for Exchange (FOPE) is one of the unsung heroes of the Microsoft Exchange world.

If you’ve been running Microsoft Exchange for your organization, chances are you’ve heard of Forefront Protection for Exchange. This is software that sits on servers in the datacenter and monitors all incoming and outgoing email to protect against spam and malware threats (among other threats). One of the biggest concerns I hear from administrators, when considering email protection, is not feeling comfortable enough with their security experience to be responsible for something so critical as Forefront Protection for Exchange.


Permanent link to this article: https://www.robertborges.us/2012/03/it-security/what-is-fope-forefront-online-protection-for-exchange/