Slashdot Mirror


Security Firm Keeper Sues News Reporter Over Vulnerability Story (zdnet.com)

Zack Whittaker, writing for ZDNet: Keeper, a password manager software maker, has filed a lawsuit against a news reporter and its publication after a story was posted reporting a vulnerability disclosure. Dan Goodin, security editor at Ars Technica, was named defendant in a suit filed Tuesday by Chicago-based Keeper Security, which accused Goodin of "false and misleading statements" about the company's password manager. Goodin's story, posted December 15, cited Google security researcher Tavis Ormandy, who said in a vulnerability disclosure report he posted a day earlier that a security flaw in Keeper allowed "any website to steal any password" through the password manager's browser extension.

1 of 73 comments

  1. Re:No Security by Hal_Porter · Score: 3, Funny

    Security.txt is basically howtospamme.txt

    https://www.bleepingcomputer.c...

    You could just as easily have a Contacting Us page. Make sure your email address doesn't appear in an un-obfuscated form in it so it can't be harvested. E.g. for javascript build it up from a few fragments, for noscript change the @ and . characters into an image.

    security.txt is dumb because it includes your email address and phone number in a form that is very easy for a script to grab.

    Google doesn't have one, but then Google doesn't employ anyone the public can contact anyway.

    https://www.google.com/securit...

    Neither does slashdot, but then slashdot doesn't employ anything that can pass a Turing Test.

    https://slashdot.org/security....

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;