Keeper

Today when we use our equipment, we make use of sensitive content, sometimes without realizing it. Our equipment, be it laptops, tablets, mobiles or even televisions, sound equipment. A good number of them host email passwords, email accounts, Wi-Fi networks and their keys, personal access codes… We could go on and the list would be enormous .

If we focus on laptops and mobile devices with their operating systems, we see how brands increasingly try to improve the management of said data. They seek, on the one hand, that we trust our teams to store our entire digital life, offering the appropriate tools and, at the same time, they seek to guarantee that their management is secure, that our data will always be safe.A problem arises when sometimes this is not the case and that is what seems to happen with Keeper, the key manager that is included in Windows 10

Keeper is a third-party _software_ for password management, (lifelong _bloatware_) which partly blames the of Redmond from the controversy. A _software_ similar to 1Password, to give just one example. And it is that going into the matter, apparently Keeper has an important vulnerability, a defect that has been discovered by the Project Zero researcher (under the hand of Google), Tavis Ormandy, and that can make our login keys completely unprotected. Let's think about the amount of information we can have in that section and its sensitivity.

Touch update

Google already warned about the bug that affected Explorer and Edge and now it is once again shining a light on Microsoft, in this case on Keeper. To this end, Ormandy stated that after installing a copy of Windows 10 without any modification, the password manager that comes pre-installed suffers from a security flaw that can make any web page access our datalogin of any service we have stored.

The threat still exists on installable versions of Windows that do not have the security patch or fixed version of Keeper

Once the critical bug was discovered, it was reported to Microsoft (and the 90-day deadline was given) for the Keeper developers to remedy it by launching a Update released just 24 hours after receiving communication.The patch is also accompanied by an _update_, version 11.3, which is automatically installed on computers that have Keeper without the user having to intervene in the process.

The problem is that if you do a clean install of Windows 10, the bug is still present as long as you don't update the application , since the already released versions of Windows 10 do not have the security patch included. In this sense, if you have just installed a copy of the Microsoft operating system, keep an eye on the updates and update all the security patches that you have pending as soon as possible.

Source | HackRead In Genbeta | Project Zero: Google's hacker team to improve Internet security