Jump to content

Keeper Security files lawsuit against Ars Technica

Fabricio20
By Fabricio20
in Tech News
 Share
Posted

Tavis Ormandy, member of Google's Project Zero just tweeted about a Lawsuit filed by Keeper Security (Keepass) against Ars Technica on "Misleading Claims" for their "Windows Bundled App" Article.

 

On the original article by Ars Technica, they describe how Tavis Ormandy (re)discovered a flaw on Keepass after noticing that windows 10 was bundling the app after installation. According to Tavis, the flaw was exactly the same as one he had perviously disclosed (Issue 917), which had been patched by Keepass (back on August 2016).

 

Quote 

I remember filing a bug a while ago about how they were injecting privileged UI into pages
Quote 

I checked and, they're doing the same thing again with this version.

 

The article also indicates that this issue could have been avoided if Windows wasn't downloading the app without the user's consent, as it should only affect users that accepted to use the app by trusting it with their passwords.

 

Quote

Windows 10 users wouldn't have been vulnerable unless they opened Keeper, trusted it with their passwords, and followed prompts to install the browser plugin.

 

Today, however, Tavis Ormandy tweeted about the lawsuit which has been filed by Keeper Security (Owner of Keepass) against Ars Technica, this was followed by a link to the public case and later by the case's document.

 

s6vxC9btSHy_XB0rx3K3Tw.png

Original Tweet: https://twitter.com/taviso/status/943532596012638208

 

Case:

https://www.pacermonitor.com/public/case/23282996/Keeper_Security,_Incv_Goodin_et_al

 

Document:

https://www.documentcloud.org/documents/4333677-Keeper-Security-Inc-v-Goodin-et-al.html

 

The document reads:

Quote

On December 15, 2017 the ARS technica website made false and misleading statements about the Keeper sfotware Application suggesting that it had a 16-month old bug that allowed sites to steal users password.

Following with a claim for defamation, after acknowledging that Ars Technica had corrected some "Misleading Claims" on their article at least twice.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

So website lied and is somehow liable for the claim and can be brought to court? Doesn't freedom of speech apply?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Freedom of media/press that is, I guess "instead" of fixing their issue they decided to fix their public image?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
4 minutes ago, Matu20 said:

So website lied and is somehow liable for the claim and can be brought to court? Doesn't freedom of speech apply?

freedom of speech protects one from prosecution by the government for what one says, the government isn't sueing ars technica so the first amendment doesn't apply

desktop

Spoiler

r5 3600,3450@0.9v (0.875v get) 4.2ghz@1.25v (1.212 get) | custom loop cpu&gpu 1260mm nexxos xt45 | MSI b450i gaming ac | crucial ballistix 2x8 3000c15->3733c15@1.39v(1.376v get) |Zotac 2060 amp | 256GB Samsung 950 pro nvme | 1TB Adata su800 | 4TB HGST drive | Silverstone SX500-LG

HTPC

Spoiler

HTPC i3 7300 | Gigabyte GA-B250M-DS3H | 16GB G Skill | Adata XPG SX8000 128GB M.2 | Many HDDs | Rosewill FBM-01 | Corsair CXM 450W

 

 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×