On December 15, Ars Technica ran a story by veteran security reporter Dan Goodin in which Goodin reported on a disclosure by Google researcher Tavis Ormandy, who had discovered that Keeper Security's password manager, bundled with Windows 10, was vulnerable to a password stealing bug that was very similar to a bug that had been published more than a year before.
Ormandy had reported the bug to Keeper Security in advance of publication and waited until the company had issued a patch to disclose it.
Keeper Security has filed a lawsuit in Illinois (where it is based) against Goodin and Ars Technica, alleging that the factual report of the defects in its products "made false and misleading statements about the Keeper software application suggesting that it had a 16-month old bug that allowed sites to steal user passwords."
Keeper Security previously threatened to sue Fox IT, a security research firm, over publication of another defect in its products.
Illinois has good anti-SLAPP laws, which protect critical speech from legal attacks that try to outspend critics, which bodes well for Ars and Goodin. In the meantime, the lawsuit has attracted critical attention to Keeper Security, as security journalists and researchers speak out against "ridiculous" actions that are tantamount to "bullying."
Keeper Security Inc v Goodin et Al
Security firm Keeper sues news reporter over vulnerability story [Zack Whittaker/Zdnet]
Hacking Team (previously) was an Italian company that developed cyberweapons that it sold to oppressive government around the world, to be used against their own citizens to monitor and suppress political oppositions; in 2015, a hacker calling themselves "Phineas Fisher" hacked and dumped hundreds of gigabytes' worth of internal Hacking Team data, effectively killing the […]
Gwern Branwen asks the deceptively simple question "How many computers are in your computer?"
The US credit card industry was a very late adopter of security chips, lagging the EU by a decade or so; when they did roll out chips, it was a shambolic affair, with many payment terminals still not using the chips, and almost no terminals requiring a PIN (and some require a PIN and a […]
In case you hadn’t noticed from the sleigh bell-heavy music and the hues on your Starbucks cup, the holiday season hasn’t shown any more patience this year. But that doesn’t need to be a bad thing, especially if you’re hoping to get a jump on your shopping. Retailers aren’t waiting til Black Friday to dish […]
What do you get for the techie who has everything? How about giving them a Raspberry Pi and letting them make pretty much anything. Or better yet, do it for yourself with the Ultimate Raspberry Pi eBook Bundle. This trove of ideas and education unlocks the unlimited potential of this mini-computer, whose affordability and versatility […]
Note-taking just caught up to the digital age. For most of us, writing freehand is quicker and more convenient than pecking away on a tablet, but what to do when you need those scribbles on file? Grab a Rocketbook Everlast Reusable Notebook, which seamlessly fuses analog and digital notes. Just jot down your thoughts, journals […]