Reader mask.of.sanity writes: Interestingly, Mathias Karlsson, a security researcher, has also independently found flaws in LastPass. In a blog post, he wrote that he was able to trick LastPass into believing he was on the real Twitter website and cough up the users' credentials because of a bug in the LastPass password manager's autofill functionality. LastPass has fixed the bug, but Karlsson advises users to disable autofill functionality and use multi-factor authentication. At this point, it's not clear whether Ormandy is also talking about the same vulnerability.