Not just crapgadgets: Sony's enterprise CCTV can be easily hacked by IoT worms like Mirai

The unprecedented denial-of-service attacks powered by the Mirai Internet of Things worm have harnessed crappy, no-name CCTVs, PVRs, and routers to launch unstoppable floods of internet noise, but it's not just faceless Chinese businesses that crank out containerloads of vulnerable, defective-by-design gear -- it's also name brands like Sony.

My keynote from the O'Reilly Security Conference: "Security and feudalism: Own or be pwned"

Here's the 32 minute video of my presentation at last month's O'Reilly Security Conference in New York, "Security and feudalism: Own or be pwned."

Call for submissions for Disobedient Electronics

"'Disobedient Electronics' is a zine-oriented publishing project that seeks submissions from industrial designers, electronic artists, hackers and makers that disobey conventions, especially work that is used to highlight injustices, discrimination or abuses of power."

A lightbulb worm could take over every smart light in a city in minutes

Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected.

Why are license "agreements" so uniformly terrible?

An excerpt from The End of Ownership: Personal Property in the Digital Economy, by Aaron Perzanowski and Jason Schultz, coming this Friday from MIT Press.

Warner Bros angry that someone other than the MPAA is running an illegal internal movie server

Warner Bros has sued talent agency Innovative Artists for running an internal-use Google Drive folder that let its clients and staff review movies in the course of their duties. They say the company ripped "screeners" (DVDs sent for review purposes) and put them on the server, whence they leaked onto torrent sites.

Mercedes' weird "Trolley Problem" announcement continues dumb debate about self-driving cars

In 1967, Philippa Foot posed the "Trolley Problem," an ethical conundrum about whether a bystander should be sacrificed to rescue the passengers of a speeding, out-of-control trolley; as self-driving cars have inched toward reality, this has been repurposed as a misleadingly chin-stroking question about autonomous vehicles: when faced with the choice of killing their owners or someone else, who should die?

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard]

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the source code for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its source code and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes.

HP blinked! Let's keep the pressure on! [PLEASE SHARE!]

Only three days after EFF's open letter to HP over the company's deployment of a stealth "security update" that caused its printers to reject third-party cartridges, the company issued an apology promising to let customers optionally install another update to unbreak their printers.

Electronic voting machines suck, the comprehensive 2016 election edition

It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines.

EFF to court: don't let US government prosecute professor over his book about securing computers

In July, the Electronic Frontier Foundation filed a federal lawsuit on behalf of Dr Matthew Green, a Johns Hopkins Information Security Institute Assistant Professor of Computer Science; now the US government has asked a court to dismiss Dr Green's claims. A brief from EFF explains what's at stake here: the right of security experts to tell us which computers are vulnerable to attack, and how to make them better.

Demand that HP make amends for its self-destructing printers [SIGN AND SHARE!]

I've written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company's bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking them so that they would no longer use third-party ink cartridges.

How free software stayed free

I did an interview with the Changelog podcast (MP3) about my upcoming talk at the O'Reilly Open Source conference in London, explaining how it is that the free and open web became so closed and unfree, but free and open software stayed so very free, and came to dominate the software landscape.

Swedish law will let you write off the money you spend fixing things rather than trashing them

In Sweden, a legislative proposal will let repair shops charge lower sales tax, and allow people who repair their appliances and bicycles to write off their expenditures.

The AI Now Report: social/economic implications of near-future AI

The National Economic Council convened a symposium at NYU's Information Law Institute in July, and they've released their report: 25 crisp (if slightly wonky) pages on how AI could increase inequality, erode accountability, and lead us into temptation -- along with recommendations for how to prevent this, from involving marginalized and displaced people in AI oversight; to increasing the diversity of AI researchers; to modifying the Computer Fraud and Abuse Act and Digital Millennium Copyright Act to clarify that neither stands in the way of independent auditing of AI systems.

HTML standardization group calls on W3C to protect security researchers from DRM

The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission.
