Security Firm Keeper Sues News Reporter Over Vulnerability Story (zdnet.com)
Zack Whittaker, writing for ZDNet: Keeper, a password manager software maker, has filed a lawsuit against a news reporter and its publication after a story was posted reporting a vulnerability disclosure. Dan Goodin, security editor at Ars Technica, was named defendant in a suit filed Tuesday by Chicago-based Keeper Security, which accused Goodin of "false and misleading statements" about the company's password manager. Goodin's story, posted December 15, cited Google security researcher Tavis Ormandy, who said in a vulnerability disclosure report he posted a day earlier that a security flaw in Keeper allowed "any website to steal any password" through the password manager's browser extension.
Is there a B. Streisand in the house?
This is an attempt by Keeper to shut down critical articles. While Ars Technica and Dan Goodin must respond, Keeper has no case. To prove libel, the plaintiffs must prove that the publication or writer purposely wrote false statements or had malicious intent. Goodin quoted a security expert, and was reporting on the expert's opinion. Keeper will lose and lose big.
Security.txt is basically howtospamme.txt
https://www.bleepingcomputer.c...
You could just as easily have a Contacting Us page. Make sure your email address doesn't appear in an un-obfuscated form in it so it can't be harvested. E.g. for javascript build it up from a few fragments, for noscript change the @ and . characters into an image.
security.txt is dumb because it includes your email address and phone number in a form that is very easy for a script to grab.
Google doesn't have one, but then Google doesn't employ anyone the public can contact anyway.
https://www.google.com/securit...
Neither does slashdot, but then slashdot doesn't employ anything that can pass a Turing Test.
https://slashdot.org/security....
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
I'm actually in charge of finding a new password manager for the small business I work at and Keeper was one of the few I'd narrowed my choices down to. They just knocked themselves off that list. My company is small and that's no huge loss for them, but I know I'm not the only person making that choice. Now, had they responded to this stating they're temporarily disabling the browser extension while they work on a fix, they'd still be on the list. When are companies going to learn that trying to shut down bad publicity is the worst publicity of all?