Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop.

DRM in web standards creates new barriers to accessibility

The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system.

Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

Since the 2000 Bush-Gore election crisis and the hanging-chad controversy, voting machine vendors have been offering touchscreen voting machines as a solution to America's voting woes -- and security researchers have been pointing out that the products on offer were seriously, gravely defective.

China forces Xinjiang Uyghurs to install mobile spyware, enforces with stop-and-frisk

China's Xinjiang province is home to the Uyghur ethnic/religious minority, whose fights for self-determination have been brutally and repeatedly crushed by the Chinese state: now, people in Xinjiang are being required to install mobile spyware on their devices.

Security researcher arrested after he warns Hungarian transit company about their dumb mistake

A teenager discovered that the website of Budapesti Közlekedési Központ -- the public transit authority in Budapest -- would allow you to edit the price you paid for your tickets, so that purchasers could give themselves massive discounts on their travel, and when he told the authority about it, they had him arrested and issued a press-release boasting about it.

EFF has appealed the W3C's decision to make DRM for the web without protections

[[Update, July 13: After consultation with W3C CEO Jeff Jaffe on timing, we've temporarily withdrawn this appeal, for one week, for purely logistical purposes. I am teaching a workshop all next week at UC San Diego and will re-file the objection at the end of the week, so that I will be able to devote undivided attention to garnering the necessary support from other W3C members. -Cory]]

Five days ago, the World Wide Web Consortium announced that it would go ahead with its project of making DRM for web-video, and that the Director, Tim Berners-Lee, had overruled or decided not to act further on all objections about the dangers this posed to legitimate and important activities including security audits, accessibility adaptation and competition.

Investigators into mass murder of Mexican student teachers were attacked with NSO's government spyware

In 2014, 43 students from Mexico's Ayotzinapa Rural Teachers' College went missing in Iguala, in the state of Guerrero: they had been detained by police, who turned them over to a criminal militia, who are presumed to have murdered them.

Vidangel is a stupid censorship service and we should welcome it anyway

Vidangel is the latest attempt (along with services like Clearplay and Sony's own filtering tool) to sell a product that allows cringing, easily triggered evangelicals to skip swear words, sex and blasphemy in the media they watch.

What's wrong with the Copyright Office's DRM study?

This month's US Copyright Office study on Section 1201 of the DMCA identified many problems with America's DRM laws, which ban bypassing DRM even when no copyright infringement takes place.

No, Italy isn't banning the iPhone

On June 23rd, 2017, a lot of noise was made by an Italian newspaper that said that our new Senate Act 2484 had the potential to "ban the iPhone in Italy" (here's an English article). That's just wrong. This is a "device neutrality" bill, protecting a principle every bit as important as net neutrality, and it won't ban the iPhone, but it will protect and benefit Italians.

A DRM-locked, $400 tea-brewing machine from the Internet of Shit timeline

Did you buy a useless $400 "smart" juicer and now feel the need to accessorize it with more extrusions from the Internet of Shit timeline? Then The Leaf from Teaforia is just the thing: it's a tea-maker that uses DRM-locked tea-pods to brew tea in your kitchen so you don't have to endure the hassle of having the freedom to decide whose tea you brew in your tea-brewing apparatus, and so that you can contribute to the impending environmental apocalypse by generating e-waste every time you make a cup of tea.

Theresa May wants to ban crypto: here's what that would cost, and here's why it won't work anyway

Aaron Swartz once said, "It's no longer OK not to understand how the Internet works."

Audi's top-of-the-line models implicated in Dieselgate

The hits keep on coming for Volkswagen, whose crimes have not yet been fully detailed, it seems. The EPA discovered Dieselgate emissions-cheating software in 2015, and then a German team found more in 2016, and now, a year later, the German Transport Ministry is recalling 24,000 Audi A7 and A8s for the same reason.

Supreme Court to Lexmark: when you sell something, the buyer then owns it

Lexmark has spent nearly 20 years fighting the war on carbon, trying to stop you from refilling your laser printer cartridges. In 2003, they attempted to use the DMCA and DRM to argue that it was an act of piracy (the courts didn't buy it) and then in 2015, they went all the way to the Supreme Court with the idea that you were violating their patent license terms if you treated the cartridges you purchased as though you owned them.

Medical implants and hospital systems are still infosec dumpster-fires

Medical devices have long been the locus of information security's scariest failures: from the testing and life-support equipment in hospitals to the implants that go in your body: these systems are often designed to harvest titanic amounts of data about you, data you're not allowed to see that's processed by code you're not allowed to audit, with potential felony prosecutions for security researchers who report defects in these systems (only partially mitigated by a limited exemption that expires next year). What's more, it can get much worse.

UK Tories say they'll exploit Manchester's dead to ban working crypto in the UK

One of UK Prime Minister Theresa May's government ministers told a reporter from The Sun that the government is planning on invoking the "Technical Capabilities Orders" section of the Snoopers Charter, a 2016 domestic spying bill; the "orders" allow the government to demand that companies cease using working cryptography in their products and services, substituting it with deliberately defective code that can be broken.

All the Second Life rabbits are doomed, thanks to DRM

Every Ozimal digirabbit in the venerable virtual world Second Life will starve to death (well, permanent hibernation) this week because a legal threat has shut down their food-server, and the virtual pets are designed so that they can only eat DRM-locked food, so the official food server's shutdown has doomed them all.
