Keeper, a password manager software maker, has filed a lawsuit against a news reporter and his publication after a story was published reporting a vulnerability disclosure.
Dan Goodin, security editor at Ars Technica, was named as a defendant in a suit filed Tuesday by Chicago-based Keeper Security, which accused Goodin of “false and deceptive statements” about the company’s password manager.
Goodin’s story, posted December 15, cited Google security researcher Tavis Ormandy, who said in a vulnerability disclosure report he posted a day earlier that a security flaw in Keeper allowed “any web page to steal any password” through the password manager’s browser extension.
Goodin was one of the first to cover news of the vulnerability disclosure. He wrote that the password manager was bundled in some versions of Windows 10. When Ormandy tested the bundled password manager, he found a password-stealing bug that was almost identical to one he had previously discovered in 2016.
Ormandy also posted a proof-of-concept exploit for the new vulnerability.
The bug has since been fixed, according to Ormandy’s follow-up note, which triggered the release of the report. Goodin’s story was amended twice, which was noted in the story’s footer.
Keeper confirmed the bug was fixed in its own blog post, which said “no clients were adversely affected by this potential vulnerability.”
Keeper said in its lawsuit that Goodin and his employer, tech site Ars Technica, also named as a defendant, “made false and misleading statements about the Keeper software application suggesting that it had a sixteen-month-old bug that allowed sites to steal user passwords.”
The security company asserts claims for defamation, and calls for a jury trial. The suit also calls for the retraction and removal of the article, and for an award of damages to Keeper. The full complaint can be found here.
Keeper chief executive Darren Guccione reiterated the company’s claims in an email sent to ZDNet, adding that it “vigorously defends its know-how, brand, team members and purchasers.”
Ken Fisher, editor-in-chief of Ars Technica, did not immediately return a request for comment by email. Ormandy referred comment to Google, which declined to comment. We also reached out to Microsoft for comment but did not hear back. (If that changes, we will update.)
Several security experts and researchers on Twitter decried the lawsuit.
“This is bullying and Goodin is [definitely] def in the appropriate 1 % [of] professional journalists,” said Matthieu Suiche, founder of Comae Technologies, a Dubai-based security company, in a tweet.
“If Keeper Security thinks this will make their software more secure, this can only irreversibly harm their reputation as a security company,” he added.
Kim Zetter, an independent security reporter, said in a tweet that the suit was “ridiculous.”
“What a bad precedent this is for a security company to set and what a dishonorable way to treat a journalist who has covered security for years and takes great pains to get things right,” she added.
It remains unclear how successful the suit will be. Illinois, where the case is filed, is said to have “decent” laws to protect against so-called strategic lawsuits against public participation, which are widely seen as a way to protect free speech.
Keeper threatened to sue security firm Fox-IT for finding a security flaw in one of its products.
The case is 1:17-cv-09117 in the Northern District of Illinois.