W3C at a crossroads: technology standards setter or legal arms-dealer?

The World Wide Web Consortium (W3C) is an amazing, long-running open standards body that has been largely responsible for the web's growth and vibrancy, creating open standards that let anyone make web technology and become part of the internet ecosystem.

Barnes & Noble's releasing a $50 Android tablet that does all the things Amazon won't let Kindles do

Chris Meadows writes, "Barnes & Noble is coming out with a $50 Nook Android tablet, with hardware specs similar to Amazon's $50 Fire. The kicker is, this new Nook tablet will run plain-vanilla Android 6.0 Marshmallow and include the full suite of Google Play apps--unlike the Fire, which only permits installation of those apps Amazon deems suitable. Will this be enough to rescue the ailing Nook brand?"

Winter Denial of Service attack knocks out heating in Finnish homes

A DDoS attack that incidentally affected the internet connections for at least two housing blocks in Lappeenranta, Finland caused their heating systems to shut down, leaving their residents without heat in subzero weather.

Internet-destroying outages were caused by "amateurish" IoT malware

Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders.

Game developers say no to DRM: "hurts our customers"

The developers behind the hotly anticipated Shadow Warrior 2 have gone on record explaining why they didn't add DRM to their new title: they themselves hate DRM, and understand that DRM disproportionately inconveniences legit customers, not pirates who play cracked versions without DRM.

Podcast: How we'll kill all the DRM in the world, forever

I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade.

How a digital-only smartphone opens the door to DRM (and how to close the door)

Fast Company's Mark Sullivan asked me to explain what could happen if Apple went through with its rumored plans to ship a phone with no analog sound outputs, only digital ones -- what kind of DRM badness might we expect to emerge?

48 hours later, Adblock Plus beats Facebook's adblocker-blocker

On August 9, Facebook announced that it had defeated adblockers; on August 11, Adblock Plus announced that it had defeated Facebook.

American Bar Association votes to DRM the law, put it behind a EULA

Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms."

Your medical data: misappropriated by health-tech companies, off-limits to you

Backchannel's package on medical data and the health-tech industry profiles three people who were able to shake loose their own data and make real improvements in their lives with it: Marie Moe, who discovered that the reason she was having terrifying cardiac episodes was out-of-date firmware on her pacemaker; Steven Keating, who created a website with exquisitely detailed data on his brain tumor, including a gene-sequence that had to be run a second time because the first scan wasn't approved for "commercial" use, which included publishing it on his own site; and Annie Kuehl, whose advocacy eventually revealed the fact that doctors had suspected all along that her sick baby had a rare genetic disorder, which she only learned about after years of agonizing victim-blaming and terrifying seizures.

Return of Dieselgate: 3 more hidden programs found in VW Audi/Porsche firmware

The German newspaper Bild am Sonntag says that US investigators have discovered three more hidden cheat apps in a Volkswagen product line: these ones were discovered in 3-liter Audi diesels.

1 billion computer monitors vulnerable to undetectable firmware attacks

A team led by Ang Cui (previously) -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- has presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen.

DRM: You have the right to know what you're buying!

Today, the EFF and a coalition of organizations and individuals asked the US Federal Trade Commission (FTC) to explore fair labeling rules that would require retailers to warn you when the products you buy come locked down by DRM ("Digital Rights Management" or "Digital Restrictions Management").

Copyright Office to FCC: Hollywood should be able to killswitch your TV

20 years ago, Congress ordered the FCC to begin the process of allowing Americans to buy their pay TV boxes on the open market (rather than every American household spending hundreds of dollars a year renting a trailing-edge, ugly, energy-inefficient, badly designed box that is increasingly the locus of networked attacks that expose both the home LAN and the cameras and mics that are more and more likely to be integrated into TVs and decoder boxes) -- now, at last, the FCC is doing something about it.

Big rigs can be hijacked and driven with software-based attacks

In a two-month-long class assignment, researchers from the University of Michigan found vulnerabilities in J1939, the standard for networking in big rigs and other large industrial vehicles, that allowed them to control the acceleration, braking, and instrument panels of their target vehicles.

UK Royal Society's #1 cybersecurity recommendation: don't backdoor crypto

The Royal Society, once presided over by Isaac Newton, is one of Britain's most respected learned institutions: that's why it matters so much that the organisation's new report, "Progress and research in cybersecurity," begins by demanding that government "must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems."

Security researchers: the W3C's DRM needs to be thoroughly audited

Encrypted Media Extensions (EME), part of a DRM system that's being standardized at the World Wide Web Consortium (W3C), marks the first instance in which a W3C standard will fall under laws like the DMCA, which let companies threaten security researchers with criminal and civil liability just for disclosing the defects in these products.