Should you still trust your password manager?

Описание: In this episode, Greg explores the gap between password manager marketing claims of “Zero Knowledge Encryption” and the reality uncovered by Swiss researchers who found 25 attacks against Bitwarden, LastPass, and Dashlane. Professor Kenny Patterson joins Greg to discuss why the industry’s “honest-but-curious” security model is dangerously inadequate compared to a “malicious server” threat model, diving into three critical vulnerability categories: account recovery mechanisms that allow attackers to swap encryption keys, seemingly innocent features like icon fetching that leak passwords, and “vault malleability” where individual item encryption lets attackers cut-and-paste data between vault fields. They also discuss how legacy code support and backwards compatibility create cryptographic hazards, and what non-negotiable features are needed to build a truly “provably secure” password manager from scratch.

In our reporter chat, Greg talks to Matt Kapko about China’s new version of Brickstorm.

Links
• ETH paper: https://eprint.iacr.org/2026/058.pdf
• Bitwarden response: https://bitwarden.com/blog/security-t...
• Dashlane response: https://www.dashlane.com/blog/zero-kn...
• LastPass response: https://blog.lastpass.com/posts/detai...
• 1Password response: https://1password.com/blog/eth-zurich...
• Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed: https://cyberscoop.com/china-bricksto...

#cyber #password #passwordsecurity #cybernews #cybernews #china #zeroday #eth #news #podcast

Follow CyberScoop on Social Media
•   / cyberscoopnews  
•   / cyberscoop  
•   / cyberscoop  
•   / cyberscoopnews  
•   / cyberscoopnews  
• https://bsky.app/profile/cyberscoop.b...

About Safe Mode
Every week we break down the most pressing issues in technology, provide you with the knowledge and tools to stay ahead of the latest threats and take you behind the scenes of the biggest stories in cyberspace. https://cyberscoop.com/show/safe-mode/