Martin Holst Swende maintains a free/open tool for testing software that uses the (notoriously flawed) Iclass Software, which is used by Inside Secure for its RFID-based access systems.
Now, Inside has sent Swende a legal threat, asserting that it holds a patent on the (again, flawed) Iclass algorithms, and that by implementing them in a test suite (and embarrassing Inside), he has violated the patent. They want him to erase the evidence of their incompetence.
In the world of “internet security”, where the sky is falling every other month, there is hardly much controversy any longer about full-disclosure email lists, exploitation frameworks and reverse engineering. Nowadays vendors, institutes and organizations offers bug bounties and competitions, and there is a high level of transparency regarding flaws and fixes, using a common rating system for vulnerabilities.
In “internet security”, all parties know that systems suffer from vulnerabilities, and if vendors are being forthcoming about vulnerabilities, users can take necessary steps to protect themselves from unnecessary risks. Controversy nowadays is generated by the sale of 0-days to private (and government) actors, since users are left as sitting ducks to those with enough money and resources.
In “internet security”, a vendor is given credit not for providing fail-safe invulnerable systems, but for responsible, accurate and timely security patches and advisories.
By contrast, the “physical security” scene appears about a decade behind, and I don’t believe this to benefit neither the customers, nor, in the long run, the vendors themselves.
Legal woes [Martin Holst Swende]
CSIR-Tech is the commercial arm of the Indian government’s Council of Scientific and Industrial Research; after spending ₹50 crore (about USD7.6M) pursuing more than 13,000 “bio-data patents” (patents of no real value save burnishing the credentials of the scientists whose names appear on them), they have run out of money and shut down.
Troy Hunt, proprietor of the essential Have I Been Pwned (previously) sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers’ data; undersecured it; and then failed to warn their customers that they were at risk.
The World Wide Web Consortium has announced that its members have until April 19 to weigh in on whether the organization should publish Encrypted Media Extensions, its DRM standard for web video, despite the fact that this would give corporations the new right to sue people who engaged in legal activity, from security researchers who […]
You know the drill. You go to the dentist and they ask you how often you floss. You lie through your teeth and say, “every day!” (Bonus points if you have some cilantro or chives stuck in your gums from lunch). You don’t want to keep up the charade any longer, but rubbing that tiny strand […]
The Raspberry Pi Foundation has done outstanding work packing a fully capable desktop computer into a package the size of a deck cards—especially one that only costs $35. But if you already have a working laptop, why should you care? Oh, how much you have to learn. Besides operating well as a compact digital media hub, […]
Custom coffee vessels are the perfect piece of office flair, but it’s just a matter of time before your VOTE FOR PEDRO mug will start to lose its relevant wit. Why not have a new one every day, with whatever silly nonsense you want sticking off the sides? You can save big on your novelty […]