At this week's B-Sides Manchester security conference, James Williams gave a talk called "Next-gen AV vs my shitty code," in which he systematically revealed the dramatic shortcomings of anti-virus products that people pay good money for and trust to keep them safe -- making a strong case that these companies were selling defective goods. Read the rest

After a week of blockbuster security revelations from Defcon it's important to take a step back and address the ongoing battle by companies to seize a veto over who can reveal defects in their products. Read the rest

Spoiler alert: to steal from prisoners and their families. Read the rest

If you're a dominant near-monopolist like Facebook, your first preference is to have no regulation at all -- but your close second choice is to have lots of regulation that you can afford, but that potential competitors can't, sparing you the tedious exercise of buying and killing any company that might grow up to compete with you some day. Read the rest

On Monday, the Supreme Court will review the 9th Circuit's decision in Apple Inc. v. Pepper, in which the plaintiffs argue that Apple has established a monopoly over apps for Ios (this part is actually incontrovertible, as Apple has used both technology and law to prevent rival app stores from operating), and that Iphone and Ipad owners have a right to ask the government to break up this monopoly (that's the controversial part). Read the rest

Jonathan Zittrain (previously) writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT." Read the rest

The UK consumer review magazine Which? (equivalent to America's Consumer Reports) has published a special investigation into the ways that Internet of Things smart devices are spying on Britons at farcical levels, with the recommendation that people avoid smart devices where possible, to feed false data to smart devices you do own, and to turn off data-collection settings in devices' confusing, deeply hidden control panels. Read the rest

When researchers write, we don't just describe new findings -- we place them in context by citing the work of others. Citations trace the lineage of ideas, connecting disparate lines of scholarship into a cohesive body of knowledge, and forming the basis of how we know what we know.

Back in 2016, the ACLU and First Look (the publishers of The Intercept) sued the US government to force it to clarify that the 1986 Computer Fraud and Abuse Act -- the overbroad statute passed during over a panic sparked by the movie "Wargames" -- does not prohibit violations of terms of service. Read the rest

Georgia is a hub for cybersecurity research, with leading university computer science and security programs and a new $35m state cybersecurity research center underway; but the Georgia state legislature just passed SB315, the most onerous prohibition on computer security research ever passed in the USA. Read the rest

Robot law pioneer Ryan Calo (previously) teamed up with U Washington computer science and law-school colleagues to write Is Tricking a Robot Hacking? -- a University of Washington School of Law Research Paper. Read the rest

University of Texas law professor Bobby Chesney has developed a detailed syllabus for a course in "Cybersecurity Foundations: Law, Policy, and Institutions" that is aimed at grad students from law, business, engineering, and computer science. Read the rest

Dropbox has published a set of guidelines for how companies can "encourage, support, and celebrate independent open security research" -- and they're actually pretty great, a set of reasonable commitments to take bug reports seriously and interact respectfully with researchers. Read the rest

Many people worry that 3D printers will usher in an epidemic of untraceable "ghost guns," particularly guns that might evade some notional future gun control regime that emerges out of the current movement to put sensible, minimal curbs on guns, particularly anti-personnel guns. Read the rest

The Security Innovation Center is a lobbying group backed by CompTIA, CTIA, TechNet and the Consumer Technology Association for the express purpose of fighting laws that would legalize repairing your own property, or choosing to have it repaired by third parties. Read the rest

The only thing worse than driving a car with defective brakes is unknowingly driving a car with defective brakes -- and learning about them the hard way. Read the rest

A Ninth Circuit Appellate Court has rejected Oracle's attempt to treat violating its website terms of service as a felony under the Computer Fraud and Abuse Act, Read the rest