
The Hidden Flaw in Your Password Manager

Summary

– An FBI informant allegedly facilitated the sale of fentanyl-laced pills on the Incognito dark web market, while a DOJ probe examines Jeffrey Epstein’s ties to friendly CBP officers years after his conviction.
– A new study reveals cryptographic flaws in major cloud-based password managers like Bitwarden, Dashlane, and LastPass, undermining their “zero knowledge” security claims and potentially exposing user credentials.
– Defcon banned three individuals, Vincent Iozzo, Joichi Ito, and Pablos Holman, due to their extensive, post-exposure ties to Jeffrey Epstein, as revealed in newly released documents.
– The U.S. State Department reregistered “freedom.gov” to create an anti-censorship online portal, potentially using VPN technology to bypass geoblocks and show content banned in other countries.
– Other security news includes a DHS plan to centralize biometric data, a massive data leak exposing personal information, and the use of robot dogs for security at a 2026 World Cup venue.

Password managers are widely considered an essential tool for creating and storing strong, unique credentials for every online account. However, a significant vulnerability lies not with the user, but with the service providers themselves. A recent study from security researchers at ETH Zurich and USI Lugano reveals that the “zero knowledge” encryption claims made by many popular cloud-based password managers often contain critical flaws. The analysis focused on services like Bitwarden, Dashlane, and LastPass, finding that in certain configurations, attackers could potentially access a user’s entire password vault or even modify its contents. These vulnerabilities frequently arise when specific features, such as password recovery systems, are enabled, highlighting a concerning lack of rigorous scrutiny behind some of the industry’s most important security promises.

In other security news, a nonprofit called the Fulu Foundation is offering a bounty for anyone who can find a method to use Ring cameras without allowing them to transmit data to Amazon. Meanwhile, the Mexican city of Guadalupe plans to deploy four robot dogs to enhance security at its stadium during the 2026 World Cup.

Separately, the Defcon hacker conference has officially banned three individuals with documented ties to the late Jeffrey Epstein. The banned parties include cybersecurity entrepreneur Vincent Iozzo, former MIT Media Lab director Joichi Ito, and tech investor Pablos Holman. These actions follow the release of Justice Department documents detailing their associations with Epstein, which continued long after his criminal activities were publicly known.

On the governmental front, the US State Department has reportedly revived the domain “freedom.gov” as part of an initiative to build an anti-censorship online portal. According to reports, this portal may use technology like VPNs to help users in regions like Europe access content restricted by their governments, potentially including material related to hate speech or terrorism. This development arrives as many other US-funded internet freedom programs have been discontinued, and could further strain diplomatic relations over differing approaches to online content regulation.

A recent airspace shutdown over New Mexico and El Paso, initially prompted by fears of cartel drone activity, ultimately demonstrated the difficulties of safely operating anti-drone weapons near populated areas. In a separate but recurring issue, a massive database containing billions of records with sensitive personal information like passwords and Social Security numbers was found exposed online, representing a persistent identity theft risk even if the data has not yet been actively exploited by criminals.

These events collectively underscore the complex and evolving challenges in digital security, from the tools we trust to protect our credentials to the geopolitical tensions shaping internet access worldwide.

(Source: Wired)
