W3C at a crossroads: technology standards setter or legal arms-dealer?

The World Wide Web Consortium (W3C) is an amazing, long-running open standards body that has been largely responsible for the web's growth and vibrancy, creating open standards that let anyone make web technology and become part of the internet ecosystem.

My keynote from the O'Reilly Security Conference: "Security and feudalism: Own or be pwned"

Here's the 32 minute video of my presentation at last month's O'Reilly Security Conference in New York, "Security and feudalism: Own or be pwned."

Car Wars: a dystopian science fiction story about the nightmare of self-driving cars

Melbourne's Deakin University commissioned me to write a science fiction story about the design and regulation of self-driving cars, inspired by my essay about the misapplication of the "Trolley Problem" to autonomous vehicles.

A lightbulb worm could take over every smart light in a city in minutes

Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected.

Winter Denial of Service attack knocks out heating in Finnish homes

A DDoS attack that incidentally affected the internet connections for at least two housing blocks in Lappeenranta, Finland caused their heating systems to shut down, leaving their residents without heat in subzero weather.

Sole and Despotic Dominion: how a 20th century copyright law is abolishing property for humans (but not corporations)

In the 18th century, William Blackstone wrote the seminal "Commentaries on the Laws of England," which contained one of the foundational definitions of property: "that sole and despotic dominion which one man claims and exercises over the external things of the world, in total exclusion of the right of any other individual in the universe."

Warner Bros angry that someone other than the MPAA is running an illegal internal movie server

Warner Bros has sued talent agency Innovative Artists for running an internal-use Google Drive folder that let its clients and staff review movies in the course of their duties. They say the company ripped "screeners" (DVDs sent for review purposes) and put them on the server, whence they leaked onto torrent sites.

Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever

The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges.

Mercedes' weird "Trolley Problem" announcement continues dumb debate about self-driving cars

In 1967, Philippa Foot posed the "Trolley Problem," an ethical conundrum about whether a bystander should be sacrificed to rescue the passengers of a speeding, out-of-control trolley; as self-driving cars have inched toward reality, this has been repurposed as a misleadingly chin-stroking question about autonomous vehicles: when faced with the choice of killing their owners or someone else, who should die?

Internet-destroying outages were caused by "amateurish" IoT malware

Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders.

Game developers say no to DRM: "hurts our customers"

The developers behind the hotly anticipated Shadow Warrior 2 have gone on record explaining why they didn't add DRM to their new title: they themselves hate DRM, and understand that DRM disproportionately inconveniences legit customers, not pirates who play cracked versions without DRM.

Johnson & Johnson says people with diabetes don't need to worry about potentially lethal wireless attacks on insulin pumps

Rapid7 security researcher Jay Radcliffe (previously) has Type I diabetes, and has taken a personal interest in rooting out vulnerabilities in the networked, wireless-equipped blood-sugar monitors and insulin-pumps marketed to people with diabetes, repeatedly discovering potentially lethal defects in these devices.

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the source code for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its source code and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes.

HP blinked! Let's keep the pressure on! [PLEASE SHARE!]

Only three days after EFF's open letter to HP over the company's deployment of a stealth "security update" that caused its printers to reject third-party cartridges, the company issued an apology promising to let customers optionally install another update to unbreak their printers.

Google: if you support Amazon's Echo, you're cut off from Google Home and Chromecast

A closed-door unveiling of the forthcoming Google Home smart speaker platform included the nakedly anticompetitive news that vendors whose products support Amazon's Echo will be blocked from integrating with Google's own, rival platform.

Your next DDoS attack, brought to you courtesy of the IoT

The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding.

Electronic voting machines suck, the comprehensive 2016 election edition

It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines.
