Medical devices have long been the locus of information security's scariest failures: from the testing and life-support equipment in hospitals to the implants that go in your body: these systems are often designed to harvest titanic amounts of data about you, data you're not allowed to see that's processed by code you're not allowed to audit, with potential felony prosecutions for security researchers who report defects in these systems (only partially mitigated by a limited exemption that expires next year). What's more, it can get much worse.
Read the rest
Today, activists will gather in Cambridge, Mass to march to the offices of W3C Director Tim Berners-Lee to urge him to keep DRM out of the standards for the open web.
Read the rest
Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.
Read the rest
It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?
Read the rest
Tim Wu, the Colombia University law professor and anti-trust/competition expert who coined the term "Net Neutrality," has published an open letter to Tim Berners-Lee, the creator of the web and director of the World Wide Web Consortium (W3C).
Read the rest
Brewster Kahle, who invented the first two search engines and went on to found and run the Internet Archive has published an open letter describing the problems that the W3C's move to standardize DRM for the web without protecting otherwise legal acts, like archiving, will hurt the open web.
Read the rest
The Just Net Coalition -- whose membership roll includes leading human rights organisations from across the global south -- have written urgently to the World Wide Web Coalition and its founder, Tim Berners-Lee, calling on him to intervene to stop the Consortium from publishing its first-ever DRM standard, a system for restricting video streams called Encrypted Media Extensions.
Read the rest
Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design.
Read the rest
German Member of the European Parliament Julia Reda (previously) has published an open-letter signed by UK MEP Lucy Anderson, raising alarm at the fact that the W3C is on the brink of finalising a DRM standard for web video, which -- thanks to crazy laws protecting DRM -- will leave users at risk of unreported security vulnerabilities, and also prevent third parties from adapting browsers for the needs of disabled people, archivists, and the wider public.
Read the rest
With two days to go until the close of the World Wide Web Consortium members' poll on finalising DRM and publishing it as an official web standard, the UK Open Rights Group is asking Britons to write to the Consortium and its founder, Tim Berners-Lee, to advocate for a much-needed, modest compromise that would protect the open web from the world's bizarre, awful, overreaching DRM laws.
Read the rest
It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them.
Read the rest
Unesco's Frank La Rue has published a letter to Tim Berners-Lee, Director of the World Wide Web Consortium, warning him of the grave free-speech consequences of making DRM for the web without ensuring that lawful activity that requires bypassing it is also protected.
Read the rest
The New Scientist has published a good piece on Encrypted Media Extensions (previously), the World Wide Web Consortium's proposed standard for adding DRM to video streams; they're creating their first-ever standard that is encompassed by laws protecting DRM (such as the DMCA), and in so doing, they're creating new liability for security researchers, who'll face unprecedented criminal and civil liability just for reporting defects in browsers.
Read the rest
A security researcher has published a vulnerability and proof-of-concept exploits in Google's Internet of Things security cameras, marketed as Nest Dropcam, Nest Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor; these vulnerabilities were disclosed to Google last fall, but Google/Nest have not patched them despite the gravity of the vulnerability and the long months since the disclosure.
Read the rest
The World Wide Web Consortium has announced that its members have until April 19 to weigh in on whether the organization should publish Encrypted Media Extensions, its DRM standard for web video, despite the fact that this would give corporations the new right to sue people who engaged in legal activity, from security researchers who revealed defects in browsers to accessibility workers who adapted video for disabled people to scrappy new companies who come up with legal ways to get more use out of your property.
Read the rest
A ruling about a DC university held that posting course videos to the open web without subtitling them violated the Americans With Disabilities Act (while keeping them private to students did not) (I know: weird), and this prompted UC Berkeley to announce the impending removal of 20,000 open courseware videos from Youtube.
Read the rest
Wikileaks' seismic Vault 7 release didn't follow the usual Wikileaks procedure: perhaps in response to earlier criticism, the organization redacted many of the files prior to their release, cutting names of CIA operatives and the sourcecode for the cyber-weapons the CIA had developed, which exploit widely used mobile devices, embedded systems, and operating systems.
Read the rest
