How companies should plan for, and respond to, security breaches

Troy Hunt, proprietor of the essential Have I Been Pwned (previously) sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers' data; undersecured it; and then failed to warn their customers that they were at risk. Read the rest

Desperate John Deere tractor owners are downloading illegal Ukrainian firmware hacks to get the crops in

John Deere is notorious for arguing that farmers who buy its tractors actually "license" them because Deere still owns the copyright to the tractors' software; in 2015, the US Copyright Office affirmed that farmers were allowed to jailbreak their tractors to effect repairs and modifications. Read the rest

W3C moves to finalize DRM standardization, reclassifies suing security researchers as a feature, not a bug

The World Wide Web Consortium has announced that its members have until April 19 to weigh in on whether the organization should publish Encrypted Media Extensions, its DRM standard for web video, despite the fact that this would give corporations the new right to sue people who engaged in legal activity, from security researchers who revealed defects in browsers to accessibility workers who adapted video for disabled people to scrappy new companies who come up with legal ways to get more use out of your property. Read the rest

How license "agreements" interfere with the right to repair

States across America are considering "Right to Repair" legislation that would guarantee your right to choose who fixes your stuff (or to fix it yourself); but they're fighting stiff headwinds, from the motorcycle makers who claim that fixing your motorcycle should be a crime to Apple, who feel the same way, but about phones. Read the rest

UC Berkeley nuked 20,000 Creative Commons lectures, but they're not going away

A ruling about a DC university held that posting course videos to the open web without subtitling them violated the Americans With Disabilities Act (while keeping them private to students did not) (I know: weird), and this prompted UC Berkeley to announce the impending removal of 20,000 open courseware videos from Youtube. Read the rest

Smart meters can overbill by 582%

A team from the University of Twente and the Amsterdam University of Applied Sciences have published a paper demonstrating gross overbillings by smart energy meters, ranging from -32% to +582% of actual power consumption. Read the rest

Testing products for data privacy and security

It’s an exciting and treacherous time to be a consumer. The benefits of new digital products and services are well documented, but the new risks they introduce are not. Basic security precautions are ignored to hasten time to market. Biased algorithms govern access to fair pricing. And four of the five most valuable companies in the world earn their revenue through products that mine vast quantities of consumer data, creating an unprecedented concentration of corporate power. A recent survey at Consumer Reports showed that 65% of Americans lack confidence their data is private or secure, with most consumers feeling powerless to do anything about it.

Landmark ruling shows Canada has one of the world's worst DRM laws

When the Canadian Parliament passed Bill C-11 -- Canada's answer to America's notorious Digital Millennium Copyright Act -- it was in the teeth of fierce opposition from scholars, activists and technologists, who said that making it a crime to modify your own property so you could do something legal (that the manufacturer disapproved of) had been proven to be a terrible idea in practice in the USA, and that Canada should learn from its neighbour's mistake. Read the rest

Healthcare facilities widely compromised by Medjack, malware that infects medical devices to steal your information

The healthcare industry is a well-known information security dumpster fire, from the entire hospitals hijacked by ransomware to the useless security on medical devices to the terrifying world of shitty state security for medical implants -- all made worse by the cack-handed security measures that hospital workers have to bypass to get on with saving our lives (and it's about to get worse, thanks to the Internet of Things). Read the rest

We are one RFID away from a dishwasher that rejects third-party dishes on pain of a 5-year prison sentence

Two years ago, I wrote If dishwashers were iPhones, a column in the Guardian that took the form of an open letter from the CEO of a dishwasher company that had deployed DRM to make sure you only used dishes it sold you in "their" dishwashers. Read the rest

Reply All covers DRM and the W3C

In the latest episode of Reply All, a fantastic tech podcast, the hosts and producers discuss the situation with DRM, the future of the web, and the W3C -- a piece I've been working on them with for a year now. Read the rest

Collapsing "connected toy" company did nothing while hackers stole millions of voice recordings of kids and parents

Spiral Toys -- a division of Mready, a Romanian electronics company that lost more than 99% of its market-cap in 2015 -- makes a line of toys called "Cloudpets," that use an app to allow parents and children to exchange voice-messages with one another. They exposed a database of millions of these messages, along with sensitive private information about children and parents, for years, without even the most basic password protections -- and as the company imploded, they ignored both security researchers and blackmailers who repeatedly contacted them to let them know that all this data was being stolen. Read the rest

Kickstarting a car-hacking tool that lets you take control of your own vehicle

The fully-funded Macchina project on Kickstarter is an Arduino-based, "open, versatile" gadget that bypasses the DRM in your car's network, allowing you to configure it to work the way you want it to, so you can customize your car in all kinds of cool ways. Read the rest

A Clinton-era tech law has quietly, profoundly redefined the very nature of property in the IoT age

An excellent excerpt from Aaron Perzanowski and Jason Schultz's The End of Ownership: Personal Property in the Digital Economy on Motherboard explains how Section 1201 of the 1998 Digital Millennium Copyright Act -- which bans tampering with or bypassing DRM, even for legal reasons -- has allowed corporations to design their products so that using them in unapproved ways is an actual felony. Read the rest

The previous owners of used "smart" cars can still control them via the cars' apps (not just cars!)

It's not just that smart cars' Android apps are sloppily designed and thus horribly insecure; they are also deliberately designed with extremely poor security choices: even if you factory-reset a car after it is sold as used, the original owner can still locate it, honk its horn, and unlock its doors. Read the rest

Bad Android security makes it easy to break into and steal millions of "smart" cars

Securelist's report on the security vulnerabilities in Android-based "connected cars" describes how custom Android apps could be used to find out where the car is, follow it around, unlock its doors, start its engine, and drive it away. Read the rest

Source tells Motherboard that Apple will testify against Nebraska's "Right to Repair" law

Motherboard says a source told them that "an Apple representative, staffer, or lobbyist will testify" against the state's Right to Repair bill, which requires companies to make it easy for their customers to choose from a variety of repair options, from official channels to third parties to DIY. Read the rest

More posts