Security Market Segment LS
Thursday, 21 December 2017 08:54

Ars Technica's Goodin sued by security firm


Security firm Keeper Security has sued Ars Technica security editor Dan Goodin, accusing him and his employer of defamation, violation of the Illinois Deceptive Trade Practices Act and commercial disparagement under Illinois law.

The suit was filed in the US District Court for the Northern District of Illinois Eastern Division.

The company took exception to an article written by Goodin on 16 December which described a critical bug in the Keeper Password Manager bundled with Windows 10; the flaw was discovered by Google Project Zero researcher Tavis Ormandy.

The article, headlined "For 8 days Windows bundled a password manager with a critical plugin flaw", was revised twice to include comment from Keeper and Microsoft, and also to remove a characterisation that Keeper was forced on some Windows 10 users.

An abstract under the heading read: "Plugin for Win 10 version of Keeper had bug allowing sites to steal passwords."

The initial headline read: "Microsoft forced users to install a password manager with a critical flaw." The abstract read: "Win 10 version of Keeper had bug allowing sites to steal passwords."

The revisions also sought to clarify how long the pre-bundled version was vulnerable and to define the role of the browser plugin.

In the lawsuit, Keeper claimed Goodin and Ars Technica had published the article knowing and intending that it would be read by Illinois residents cause injury to Keeper which is an Illinois company.

It also claimed that Goodin had failed to contact Keeper for comment and to check his facts with Keeper or Microsoft before filing the story.

The suit alleged that the article misled users into believing that they were infected by merely having the Keeper software on their systems. It added that there been no reports of loss of information or security breaches due to the vulnerability in the password manager.

Keeper claimed that publication of the article had caused it to suffer damages to its business, stakeholder relationships and other damages. It said these would be proven at trial to exceed US$75,000.

The company has sought damages, lawyers' fees and costs, removal of the article, and any other relief deemed suitable by the court.

Some security professionals were not impressed by Keeper's reaction.

Researcher and academic Matt Blaze said in a tweet: "In my professional opinion, suing those who discuss software vulnerabilities is itself a reliable indication of dangerously vulnerable software and incompetent security practices. For that reason, I will be avoiding Keeper Security products."

Computer networking and security research Steven Bellovin said: "Did you read the suit? As I read it, they're unhappy that the article didn't describe the precise steps users had to take to be vulnerable -- but didn't dispute the flaw at all."

But others were supportive of Keeper's lawsuit. 

Developer Scott Arciszewski said: "How dare Ars/Goodin try to update their article to be more accurate. That's what all slanderers do."

And another tech professional, Seth Hall, said: "Haven't seen its (the lawsuit's) accuracy disputed anywhere yet. Also, multiple major edits to the story don't look good for Ars or Goodin."

iTWire contacted Goodin but he declined to comment.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments