Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://ottawa.place/users/leigh/statuses/109597167493200100">Leigh Honeywell (leigh@ottawa.place)'s status on Friday, 30-Dec-2022 00:17:19 JST</a><a href="https://ottawa.place/@leigh" title="leigh@ottawa.place"><img src="https://gnusocial.jp/avatar/37893-48-20221128200036.webp" width="48" height="48" alt="Leigh Honeywell" style="position: absolute; left: 0; top: 0;">Leigh Honeywell</a><div><a href="https://infosec.exchange/@KeeperSecurity/109592686000529593" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/82347" title="keepersecurity@infosec.exchange">Keeper Security</a></li><li><a href="https://gnusocial.jp/user/82348" title="sc00bz@infosec.exchange">Sc00bz</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@sc00bz">@sc00bz</a> <a href="https://infosec.exchange/@epixoip">@epixoip</a> <a href="https://infosec.exchange/@KeeperSecurity">@KeeperSecurity</a> folks considering Keeper as a password manager should be aware of their litigious history with the security community: <a href="https://www.techdirt.com/2018/03/09/keeper-security-reminds-everyone-why-you-shouldnt-use-it-doubles-down-suing-journalist/" rel="nofollow noreferrer">https://www.techdirt.com/2018/03/09/keeper-security-reminds-everyone-why-you-shouldnt-use-it-doubles-down-suing-journalist/</a></p><p>They have a bug bounty now (<a href="https://bugcrowd.com/keepersecurity" rel="nofollow noreferrer">https://bugcrowd.com/keepersecurity</a> ) but it does not allow researchers to disclose bugs (see “Disclosure” section) which to me represents a failure to engage with the security community. No amount of acronym certifications will make that ok for such a critical piece of security infrastructure.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/950253#notice-2172560">In conversation</a><time datetime="2022-12-30T00:17:19+09:00" title="Friday, 30-Dec-2022 00:17:19 JST">Friday, 30-Dec-2022 00:17:19 JST</time> <span>from <span><a href="https://ottawa.place/@leigh/109597167493200100" rel="external" title="Sent from ottawa.place via ActivityPub">ottawa.place</a></span></span><a href="https://ottawa.place/@leigh/109597167493200100">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/564406">Untitled attachment</a></label><br></li><li><article><header><div>Domain not in remote thumbnail source whitelist: logos.bugcrowdusercontent.com</div><h5><a href="https://bugcrowd.com/keepersecurity">Keeper Security’s bug bounty program | Bugcrowd</a></h5><div> from <span>@bugcrowd</span></div></header><div>Learn more about Keeper Security’s bug bounty program powered by Bugcrowd, the leader in crowdsourced security solutions.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Leigh Honeywell (leigh@ottawa.place)'s status on Friday, 30-Dec-2022 00:17:19 JSTLeigh Honeywell
in reply to
@sc00bz @epixoip @KeeperSecurity folks considering Keeper as a password manager should be aware of their litigious history with the security community: https://www.techdirt.com/2018/03/09/keeper-security-reminds-everyone-why-you-shouldnt-use-it-doubles-down-suing-journalist/
They have a bug bounty now (https://bugcrowd.com/keepersecurity ) but it does not allow researchers to disclose bugs (see “Disclosure” section) which to me represents a failure to engage with the security community. No amount of acronym certifications will make that ok for such a critical piece of security infrastructure.
In conversationFriday, 30-Dec-2022 00:17:19 JST from ottawa.placepermalink
Attachments
1. Untitled attachment
2. Domain not in remote thumbnail source whitelist: logos.bugcrowdusercontent.com
  Keeper Security’s bug bounty program | Bugcrowd
  from @bugcrowd
  Learn more about Keeper Security’s bug bounty program powered by Bugcrowd, the leader in crowdsourced security solutions.

Public

Embed Notice

HTML Code

Corresponding Notice