
Security researcher sued for 'intention' to cause harm - DyslexicAtheist
https://www.documentcloud.org/documents/4333677-Keeper-Security-Inc-v-Goodin-et-al.html
======
payne92
From the complaint:

 _Before any such “vulnerability” could have any chance to impact a user, the
user would have to be subject to specific conditions and take the following
steps: (1) the user would have to separately install the Keeper Browser
Extension; then (2) sign into the Keeper Browser Extension (which requires the
user to first have a registered Keeper account); then (3) create and store (or
have existing and previously created) website login credentials inside their
Keeper Vault; then (4) visit a malicious website set up to steal a user’s
website login credentials; then (5) the malicious website would have to inject
a specific type of malware into the Keeper Browser Extension._

...and before GM's ignition switch "defect" would have any chance to impact a
driver, they'd have to (a) have a heavy key chain, (b) drive often enough to
wear the switch, (c) be in a particular driving situation where a cutoff risks
loss of control, and (d) have the cutoff actually occur.

The fundamental concept of "vulnerability" seems lost on this plaintiff and
his attorneys.

We can only hope that the post-Equifax climate has little tolerance for this
sort of legal umbrage related to security problems.

------
DyslexicAtheist
TL;DR: Keeper (a company making a password manager) is suing @dangoodin001 and
@arstechnica et al for allegedly "false and misleading" statements about a
security flaw:
[https://twitter.com/zackwhittaker/status/943533616667250694](https://twitter.com/zackwhittaker/status/943533616667250694)

~~~
msla
Just because the purported PDF is an image file and OCR technology isn't
instant yet:
[https://arstechnica.com/information-technology/2017/12/micro...](https://arstechnica.com/information-technology/2017/12/microsoft-is-forcing-users-to-install-a-critically-flawed-password-manager/)

------
Stefan-H
At first I thought this was likely to trigger the Streisand effect - but after
looking through the document, if the bug exists in a separately installed
application that cannot be used without registering, the statements by Ars
Technica look to be quite misleading.

edit: To elaborate - the article seems quite sensationalist and attempted to
imply that Win 10 by default "forces" an app on users that if used would
expose their credentials. The users of the app are indeed at risk if they use
the vulnerable plugin, however the article seems to imply a much more direct
relationship with Keeper putting all Win 10 users at risk. This comes down to
either bad journalism (not understanding the issue) or sensationalist
journalism (trying to make the story seem bigger than it is). Either way I can
definitely see that this would cause harm to Keeper, and Ars continued to
present the issue in a way that dramatized the risks, despite being presented
with the facts.

