Martin Holst Swende maintains a free/open tool for testing software that uses the (notoriously flawed) Iclass Software, which is used by Inside Secure for its RFID-based access systems.
Now, Inside has sent Swende a legal threat, asserting that it holds a patent on the (again, flawed) Iclass algorithms, and that by implementing them in a test suite (and embarrassing Inside), he has violated the patent. They want him to erase the evidence of their incompetence.
In the world of “internet security”, where the sky is falling every other month, there is hardly much controversy any longer about full-disclosure email lists, exploitation frameworks and reverse engineering. Nowadays vendors, institutes and organizations offer bug bounties and competitions, and there is a high level of transparency regarding flaws and fixes, using a common rating system for vulnerabilities.
In “internet security”, all parties know that systems suffer from vulnerabilities, and if vendors are being forthcoming about vulnerabilities, users can take necessary steps to protect themselves from unnecessary risks. Controversy nowadays is generated by the sale of 0-days to private (and government) actors, since users are left as sitting ducks to those with enough money and resources.
In “internet security”, a vendor is given credit not for providing fail-safe invulnerable systems, but for responsible, accurate and timely security patches and advisories.
By contrast, the “physical security” scene appears about a decade behind, and I don’t believe this to benefit either the customers or, in the long run, the vendors themselves.
Legal woes [Martin Holst Swende]