The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission. Read the rest
On September 13, owners of HP OfficeJet, OfficeJet Pro and OfficeJet Pro X began contacting third-party ink vendors by the thousand, reporting that their HP printers no longer accepted third-party ink.
Read the rest
The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect.
Read the rest
I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade.
Read the rest
Fast Company's Mark Sullivan asked me to explain what could happen if Apple went through with its rumored plans to ship a phone with no analog sound outputs, only digital ones -- what kind of DRM badness might we expect to emerge?
Read the rest
Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms."
Read the rest
Backchannel's package on medical data and the health-tech industry profiles three people who were able to shake loose their own data and make real improvements in their lives with it: Marie Moe, who discovered that the reason she was having terrifying cardiac episodes was out-of-date firmware on her pacemaker; Steven Keating, who created a website with exquisitely detailed data on his brain tumor, including a gene-sequence that had to be run a second time because the first scan wasn't approved for "commercial" use, which included publishing it on his own site; and Annie Kuehl, whose advocacy eventually revealed the fact that doctors had suspected all along that her sick baby had a rare genetic disorder, which she only learned about after years of agonizing victim-blaming and terrifying seizures.
Read the rest
The German newspaper Bild am Sonntag says that US investigators have discovered three more hidden cheat apps in a Volkswagen product line: these ones were discovered in 3-liter Audi diesels.
Read the rest
Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin.
Read the rest
Today, the EFF and a coalition of organizations and individuals asked the US Federal Trade Commission (FTC) to explore fair labeling rules that would require retailers to warn you when the products you buy come locked down by DRM ("Digital Rights Management" or "Digital Restrictions Management").
Read the rest
20 years ago, Congress ordered the FCC to begin the process of allowing Americans to buy their pay TV boxes on the open market (rather than every American household spending hundreds of dollars a year renting a trailing-edge, ugly, energy-inefficient, badly designed box that is increasingly the locus of networked attacks that expose both the home LAN and the cameras and mics that are more and more likely to be integrated into TVs and decoder boxes) -- now, at last, the FCC is doing something about it.
Read the rest
In a two-month-long class assignment, researchers from the University of Michigan found vulnerabilities in J1939, the standard for networking in big rigs and other large industrial vehicles, that allowed them to control the acceleration, braking, and instrument panels of their target vehicles.
Read the rest
Media Access Australia is the only Australian nonprofit that advocates for making media accessible to people with disabilities -- and they're also a member of the World Wide Web Consortium (W3C), an open standards body that disappointed its supporters when it bowed to the big entertainment and browser companies and agreed to make a DRM system for online video.
Read the rest
Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) creates an urgency over security questions that presents an urgent threat the like of which we've never seen.
Read the rest
The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices.
Read the rest
In spring, 2015, American farmers started to spread the word that John Deere claimed that a notorious copyright law gave the company exclusive dominion over repairs to Deere farm-equipment, making it a felony (punishable by 5 years in prison and a $500K fine for a first offense) to fix your own tractor.
Read the rest
In 1924, representatives of the world's leading lightbulb manufacturers formed Phoebus, a cartel that fixed the average life of an incandescent bulb at 1,000 hours, ensuring that people would have to regularly buy bulbs and keep the manufacturers in business.
Read the rest