
Security firm Keeper sues news reporter over vulnerability story

Posted on February 28th, 2018 at 11:14 by John Sinteur in category: News


Keeper, a password manager software maker, has filed a lawsuit against a news reporter and his publication after a story was posted reporting a vulnerability disclosure.

Dan Goodin, security editor at Ars Technica, was named defendant in a suit filed Tuesday by Chicago-based Keeper Security, which accused Goodin of “false and misleading statements” about the company’s password manager.

Goodin’s story, posted December 15, cited Google security researcher Tavis Ormandy, who said in a vulnerability disclosure report he posted a day earlier that a security flaw in Keeper allowed “any website to steal any password” through the password manager’s browser extension.

Goodin was one of the first to cover news of the vulnerability disclosure. He wrote that the password manager was bundled in some versions of Windows 10. When Ormandy tested the bundled password manager, he found a password-stealing bug that was nearly identical to one he previously discovered in 2016.

Ormandy also posted a proof-of-concept exploit for the new vulnerability.

The bug has since been fixed, according to Ormandy’s follow-up note, which triggered the release of the report. Goodin’s story was amended twice, which was noted in the story’s footer.


“This is bullying and Goodin is [definitely] in the top 1 percent [of] knowledgeable journalists,” said Matthieu Suiche, founder of Comae Technologies, a Dubai-based security firm, in a tweet.

“If Keeper Security thinks this will make their software more secure, this will only irreversibly damage their reputation as a security company,” he added.


  1. Honestly no one has convinced me a password keeper is any safer. To me it’s just one more password to keep track of and change every 90 days. I manage my passwords quite well.
