HTML standardization group calls on W3C to protect security researchers from DRM

drm-og-1

The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission. Read the rest

HP detonates its timebomb: printers stop accepting third party ink en masse

HP-Printer-Logo

On September 13, owners of HP OfficeJet, OfficeJet Pro and OfficeJet Pro X began contacting third-party ink vendors by the thousand, reporting that their HP printers no longer accepted third-party ink. Read the rest

IoT malware exploits DVRs, home cameras via default passwords

2003

The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect. Read the rest

If DRM is so great, why won't anyone warn you when you're buying it?

Mr_Yuck_Sticker

Last month, I filed comments with the Federal Trade Commission on behalf of Electronic Frontier Foundation, 22 of EFF's supporters, and a diverse coalition of rightsholders, public interest groups, and retailers, documenting the ways that ordinary Americans come to harm when they buy products without realizing that these goods have been encumbered with DRM, and asking the FTC to investigate fair labeling for products that come with sneaky technological shackles. Read the rest

Podcast: How we'll kill all the DRM in the world, forever

I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade. Read the rest

How a digital-only smartphone opens the door to DRM (and how to close the door)

Headphone_jack_3.5mm-1

Fast Company's Mark Sullivan asked me to explain what could happen if Apple went through with its rumored plans to ship a phone with no analog sound outputs, only digital ones -- what kind of DRM badness might we expect to emerge? Read the rest

American Bar Association votes to DRM the law, put it behind a EULA

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1158

Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms." Read the rest

Your medical data: misappropriated by health-tech companies, off-limits to you

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1153

Backchannel's package on medical data and the health-tech industry profiles three people who were able to shake loose their own data and make real improvements in their lives with it: Marie Moe, who discovered that the reason she was having terrifying cardiac episodes was out-of-date firmware on her pacemaker; Steven Keating, who created a website with exquisitely detailed data on his brain tumor, including a gene-sequence that had to be run a second time because the first scan wasn't approved for "commercial" use, which included publishing it on his own site; and Annie Kuehl, whose advocacy eventually revealed the fact that doctors had suspected all along that her sick baby had a rare genetic disorder, which she only learned about after years of agonizing victim-blaming and terrifying seizures. Read the rest

Return of Dieselgate: 3 more hidden programs found in VW Audi/Porsche firmware

2008-2010_Porsche_Cayenne_S_--_03-21-2012

The German newspaper Bild am Sonntag says that US investigators have discovered three more hidden cheat apps in a Volkswagen product line: these ones were discovered in 3-liter Audi diesels. Read the rest

Proof-of-concept ransomware for smart thermostats demoed at Defcon

1470580434407450

Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin. Read the rest

DRM: You have the right to know what you're buying!

drm-og-1

Today, the EFF and a coalition of organizations and individuals asked the US Federal Trade Commission (FTC) to explore fair labeling rules that would require retailers to warn you when the products you buy come locked down by DRM ("Digital Rights Management" or "Digital Restrictions Management"). Read the rest

Copyright Office to FCC: Hollywood should be able to killswitch your TV

TV-TPC-1.svg_

20 years ago, Congress ordered the FCC to begin the process of allowing Americans to buy their pay TV boxes on the open market (rather than every American household spending hundreds of dollars a year renting a trailing-edge, ugly, energy-inefficient, badly designed box that is increasingly the locus of networked attacks that expose both the home LAN and the cameras and mics that are more and more likely to be integrated into TVs and decoder boxes) -- now, at last, the FCC is doing something about it. Read the rest

Big rigs can be hijacked and driven with software-based attacks

animation

In a two-month-long class assignment, researchers from the University of Michigan found vulnerabilities in J1939, the standard for networking in big rigs and other large industrial vehicles, that allowed them to control the acceleration, braking, and instrument panels of their target vehicles. Read the rest

Australian media accessibility group raises red flag about DRM in web standards

maa_logo

Media Access Australia is the only Australian nonprofit that advocates for making media accessible to people with disabilities -- and they're also a member of the World Wide Web Consortium (W3C), an open standards body that disappointed its supporters when it bowed to the big entertainment and browser companies and agreed to make a DRM system for online video. Read the rest

Bruce Schneier on the coming IoT security dumpster-fire

Brain-Controlled_Prosthetic_Arm_2

Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) creates an urgency over security questions that presents an urgent threat the like of which we've never seen. Read the rest

EFF is suing the US government to invalidate the DMCA's DRM provisions

Bunnie_Huang

The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. Read the rest

Modern Farmer on how the DMCA takes away farmers' rights over their tractors

Untitled12

In spring, 2015, American farmers started to spread the word that John Deere claimed that a notorious copyright law gave the company exclusive dominion over repairs to Deere farm-equipment, making it a felony (punishable by 5 years in prison and a $500K fine for a first offense) to fix your own tractor. Read the rest

More posts