Dr Rainer Woitok wrote: > Dale, > > On Wednesday, 2021-02-17 23:08:12 -0600, you wrote: > >> ... >> Still, they are closed source. If >> their code was open source then it could be that the hack would not have >> happened since someone would have spotted the hole the hackers used. > I don't think so. They hacked the Lastpass servers exploiting some vul- > nerability in some software running there ... Windows, Word, Excel, you > name it. Maybe they too used the bug in SolarWinds' remote maintenance > software, but then ... wasn't the Lastpass hack way earlier? > > Sincerely, > Rainer >
I did say it could have been found. Still, if they allowed their system/software to be tested by others, then even that security hole could have been found and fixed which would have prevented the hack. Regardless of this, they are closed sourced, they got hacked and it could have been prevented if they allowed others to see their code. That's one thing about open source software, there can be millions, ten of millions or more, of people looking at it. It reduces the odds of bad code lasting long. It can happen but it reduces it a lot. I still trusted Lastpass. I would still be using it except for the fact they decided to take away features I need unless I pay more than it is worth to me. Since I need to switch anyway, may as well find a open source option that has a better chance of having good code. Maybe it won't be hacked at all. One can hope. Dale :-) :-)
