Recap for 3/21

Hello fellow club members!

Last March 11th, Syracuse University had two teams compete in the NCAE Cybergames Northeastern Regionals: a graduate team consisting of Jay, Khalid, Aniket, Karthik, Rahul, Saket, Chandan, and Priyansh, and an undergraduate team consisting of Jackson, Anthony, Fenya, Cameron, and myself. The undergraduate team secured first place and is invited to the national competition in Florida, expenses paid by NCAE. The graduate team took third place and was the only team to have a correctly configured, scoring DNS server for a long period of the competition. Don’t forget to congratulate both teams for the amazing work they’ve done!

Last meeting, Tim Van Waes gave his presentation on the recent LastPass data breaches. LastPass was hacked twice last year, once in August and again in November. During the second hack, hackers managed to get access to a backup of some customers’ vaults. Even though this reflects very poorly on LastPass, customers should theoretically be safe since the vaults are encrypted.

However, LastPass had some bad security practices, including keeping some vault info in the clear, leaving old accounts on a low number of PBKDF2 rounds, and not requiring old accounts to meet its new password-strength requirements. Because of these bad practices, people with LastPass accounts are advised to change the passwords they had stored in their account.
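One way a service can avoid leaving old accounts on a low PBKDF2 round count is to re-derive the stored verifier at the current count whenever a user logs in successfully. The sketch below is an added example, not code from Tim's presentation or from LastPass; the record layout, function names and both iteration counts are assumptions, and it covers a login verifier only (a key that encrypts a vault would also require re-encrypting that vault).

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumed policy value for this example, not a figure from the presentation.
POLICY_ITERATIONS = 600_000

@dataclass
class Record:
    """Stored password verifier for one account (hypothetical schema)."""
    salt: bytes
    iterations: int
    digest: bytes

def derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def enroll(password: str, iterations: int = POLICY_ITERATIONS) -> Record:
    salt = os.urandom(16)
    return Record(salt, iterations, derive(password, salt, iterations))

def verify_and_upgrade(record: Record, password: str) -> tuple[bool, bool]:
    """Return (authenticated, upgraded)."""
    candidate = derive(password, record.salt, record.iterations)
    if not hmac.compare_digest(candidate, record.digest):
        return False, False
    if record.iterations >= POLICY_ITERATIONS:
        return True, False
    # The plaintext password is only available at login, so this is the one
    # moment a legacy record can be re-derived with a fresh salt and current cost.
    fresh = enroll(password)
    record.salt, record.iterations, record.digest = fresh.salt, fresh.iterations, fresh.digest
    return True, True

def stale_accounts(db: dict[str, Record]) -> list[str]:
    """Accounts still below policy, i.e. not logged in since it was raised."""
    return sorted(u for u, r in db.items() if r.iterations < POLICY_ITERATIONS)

# Constructed sample data: one legacy account and one current account.
DB = {
    "legacy_user": enroll("correct horse battery staple", iterations=5_000),
    "new_user": enroll("another long passphrase"),
}
```

Accounts that never log in stay in the `stale_accounts` list, so an operator still needs a forced reset or similar for them.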

Tim also showed off a tool that converts the LastPass vault XML into a nice, easy-to-understand CSV file. The tool was almost completely made by ChatGPT! This goes to show that now more than ever, companies need to make sure to follow the best security practices available, as the barrier to entry for hacking is lower than ever.

Tim has given us a copy of his presentation, which we’ve added to our website’s Resources page.

For giving the presentation, Tim gets the Ted Talk Badge, available on our Community page:
Gold badge depicting a podium with the club logo