Keeper password manager: once again no security

The developer of Keeper password Found once more not to be so interested in safety. This time, he was using a server that allowed anyone to access and replace files with malicious content, according to a security researcher.Keeper

Chris Vickery, who discovered the exposed server, immediately notified ZDNet that it attempted to contact Keeper by phone and email on Friday. An hour after the revelation, Mr was insured.

However, the director of Aaron Gessner refused any allegations.

The Chicago-based company has a storage server on Amazon S3 to host installers for its various supported platforms.

But the server was not password protected and gave access to anyone and "full control" over its content, (reading, replacing and deleting files).

Many of the files included installers for Windows, Mac, Android, and iPhone. A file on the server had a private signing certificate published by Apple. The certificate can be used to sign the company's iPhone apps, and was issued to Callpod Inc., a company founded by Keeper chief Darren Guccione.

Naturally, a specialized attacker could replace a legitimate iPhone or iPad install program with a malicious file.

Let's say the Keeper application developer recently sued τον ερευνητή ασφαλείας της Ars , And Goodin, because he published a vulnerability he discovered in the program's extension of the Keeper password manager.

Although the company confirmed the vulnerability, it filed a lawsuit against Goodin for allegedly making "false and misleading statements about the Keeper application."

The news caused many in the security community, which criticized the company's response. Many high-level researchers and well-known figures in the community have claimed that such an action will likely have adverse effects on future security investigations and vulnerability disclosures.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).