Game developers say no to DRM: "hurts our customers"


The developers behind the hotly anticipated Shadow Warrior 2 have gone on record explaining why they didn't add DRM to their new title: they themselves hate DRM, and understand that DRM disproportionately inconveniences legit customers, not pirates who play cracked versions without DRM. Read the rest

Johnson & Johnson says people with diabetes don't need to worry about potentially lethal wireless attacks on insulin pumps


Rapid7 security researcher Jay Radcliffe (previously) has Type I diabetes, and has taken a personal interest in rooting out vulnerabilities in the networked, wireless-equipped blood-sugar monitors and insulin-pumps marketed to people with diabetes, repeatedly discovering potentially lethal defects in these devices. Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish


Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

HP blinked! Let's keep the pressure on! [PLEASE SHARE!]


Only three days after EFF's open letter to HP over the company's deployment of a stealth "security update" that caused its printers to reject third-party cartridges, the company issued an apology promising to let customers optionally install another update to unbreak their printers. Read the rest

Google: if you support Amazon's Echo, you're cut off from Google Home and Chromecast


A closed-door unveiling of the forthcoming Google Home smart speaker platform included the nakedly anticompetitive news that vendors whose products support Amazon's Echo will be blocked from integrating with Google's own, rival platform. Read the rest

Your next DDoS attack, brought to you courtesy of the IoT


The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding. Read the rest

Electronic voting machines suck, the comprehensive 2016 election edition


It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines. Read the rest

EFF to court: don't let US government prosecute professor over his book about securing computers


In July, the Electronic Frontier Foundation filed a federal lawsuit on behalf of Dr Matthew Green, a Johns Hopkins Information Security Institute Assistant Professor of Computer Science; now the US government has asked a court to dismiss Dr Green's claims. A brief from EFF explains what's at stake here: the right of security experts to tell us which computers are vulnerable to attack, and how to make them better. Read the rest

HP blinks, says it will restore printer functionality, but there's a LOT more it needs to do


More than 10,000 people have signed onto EFF's open letter to HP CEO Dion Weisler, taking the company to task for its dirty trick of using a security update to revoke its customers' ability to print with third-party ink. Read the rest

Demand that HP make amends for its self-destructing printers [SIGN AND SHARE!]


I've written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company's bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking them so that they would no longer use third-party ink cartridges. Read the rest

How free software stayed free


I did an interview with the Changelog podcast (MP3) about my upcoming talk at the O'Reilly Open Source conference in London, explaining how it is that the free and open web became so closed and unfree, but free and open software stayed so very free, and came to dominate the software landscape. Read the rest

Swedish law will let you write off the money you spend fixing things rather than trashing them

Two men working in a Bicycle repair shop, with tools of the trade.

In Sweden a legislative proposal will let repair shops will charge lower sales-tax, and allow people who repair their appliances and bicycles be to write off their expenditures. Read the rest

The AI Now Report: social/economic implications of near-future AI


The National Economic Council convened a symposium at NYU's Information Law Institute in July, and they've released their report: 25 crisp (if slightly wonky) pages on how AI could increase inequality, erode accountability, and lead us into temptation -- along with recommendations for how to prevent this, from involving marginalized and displaced people in AI oversight; to increasing the diversity of AI researchers; to modifying the Computer Fraud and Abuse Act and Digital Millennium Copyright Act to clarify that neither stands in the way of independent auditing of AI systems. Read the rest

HTML standardization group calls on W3C to protect security researchers from DRM


The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission. Read the rest

HP detonates its timebomb: printers stop accepting third party ink en masse


On September 13, owners of HP OfficeJet, OfficeJet Pro and OfficeJet Pro X began contacting third-party ink vendors by the thousand, reporting that their HP printers no longer accepted third-party ink. Read the rest

IoT malware exploits DVRs, home cameras via default passwords


The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect. Read the rest

Podcast: How we'll kill all the DRM in the world, forever

I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade. Read the rest

More posts