Medical implants and hospital systems are still infosec dumpster-fires

Medical devices have long been the locus of information security's scariest failures. From the testing and life-support equipment in hospitals to the implants that go in your body, these systems are often designed to harvest titanic amounts of data about you, data you're not allowed to see that's processed by code you're not allowed to audit, with potential felony prosecutions for security researchers who report defects in these systems (only partially mitigated by a limited exemption that expires next year). What's more, it can get much worse.

Anti-DRM artists march on the World Wide Web Consortium today

Today, activists will gather in Cambridge, Mass., to march to the offices of W3C Director Tim Berners-Lee to urge him to keep DRM out of the standards for the open web.

185,000+ IoT security cameras are vulnerable to a new worm

Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.

Intel declared war on general purpose computing and lost, so now all our computers are broken

It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

An open letter on DRM to the inventor of the web, from the inventor of net neutrality

Tim Wu, the Columbia University law professor and anti-trust/competition expert who coined the term "Net Neutrality," has published an open letter to Tim Berners-Lee, the creator of the web and director of the World Wide Web Consortium (W3C).

Internet Archive: "DRM for the Web is a Bad Idea"

Brewster Kahle, who invented the first two search engines and went on to found and run the Internet Archive, has published an open letter describing how the W3C's move to standardize DRM for the web without protecting otherwise legal acts, like archiving, will hurt the open web.

Human rights coalition from the global south to W3C: don't put DRM in web standards!

The Just Net Coalition -- whose membership roll includes leading human rights organisations from across the global south -- have written urgently to the World Wide Web Coalition and its founder, Tim Berners-Lee, calling on him to intervene to stop the Consortium from publishing its first-ever DRM standard, a system for restricting video streams called Encrypted Media Extensions.

The Internet of Things will host devastating, unstoppable botnets

Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design.

MEP to Commission: World Wide Web Consortium's DRM is a danger to Europeans

German Member of the European Parliament Julia Reda (previously) has published an open letter signed by UK MEP Lucy Anderson, raising alarm at the fact that the W3C is on the brink of finalising a DRM standard for web video, which -- thanks to crazy laws protecting DRM -- will leave users at risk of unreported security vulnerabilities, and also prevent third parties from adapting browsers for the needs of disabled people, archivists, and the wider public.

Britons! Ask the W3C to protect disabled access, security research, archiving and innovation from DRM

With two days to go until the close of the World Wide Web Consortium members' poll on finalising DRM and publishing it as an official web standard, the UK Open Rights Group is asking Britons to write to the Consortium and its founder, Tim Berners-Lee, to advocate for a much-needed, modest compromise that would protect the open web from the world's bizarre, awful, overreaching DRM laws.

A year later, no action from Chinese company whose insecure PVRs threaten all internet users

It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company, and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them.

Unesco warns the World Wide Web Consortium that DRM is incompatible with free expression

Unesco's Frank La Rue has published a letter to Tim Berners-Lee, Director of the World Wide Web Consortium, warning him of the grave free-speech consequences of making DRM for the web without ensuring that lawful activity that requires bypassing it is also protected.

How Netflix is driving permanent, terrible, standards-defined insecurity for billions of browser users

The New Scientist has published a good piece on Encrypted Media Extensions (previously), the World Wide Web Consortium's proposed standard for adding DRM to video streams; they're creating their first-ever standard that is encompassed by laws protecting DRM (such as the DMCA), and in so doing, they're creating new liability for security researchers, who'll face unprecedented criminal and civil liability just for reporting defects in browsers.

Longstanding, unpatched Bluetooth vulnerability lets burglars shut down Google security cameras

A security researcher has published a vulnerability and proof-of-concept exploits in Google's Internet of Things security cameras, marketed as Nest Dropcam, Nest Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor; these vulnerabilities were disclosed to Google last fall, but Google/Nest have not patched them despite the gravity of the vulnerability and the long months since the disclosure.

W3C moves to finalize DRM standardization, reclassifies suing security researchers as a feature, not a bug

The World Wide Web Consortium has announced that its members have until April 19 to weigh in on whether the organization should publish Encrypted Media Extensions, its DRM standard for web video, despite the fact that this would give corporations the new right to sue people who engaged in legal activity, from security researchers who revealed defects in browsers to accessibility workers who adapted video for disabled people to scrappy new companies who come up with legal ways to get more use out of your property.

UC Berkeley nuked 20,000 Creative Commons lectures, but they're not going away

A ruling about a DC university held that posting course videos to the open web without subtitling them violated the Americans With Disabilities Act (while keeping them private to students did not) (I know: weird), and this prompted UC Berkeley to announce the impending removal of 20,000 open courseware videos from Youtube.

Wikileaks offers tech giants access to sourcecode for CIA Vault 7 exploits

Wikileaks' seismic Vault 7 release didn't follow the usual Wikileaks procedure: perhaps in response to earlier criticism, the organization redacted many of the files prior to their release, cutting names of CIA operatives and the sourcecode for the cyber-weapons the CIA had developed, which exploit widely used mobile devices, embedded systems, and operating systems.
