1201 Archive

Game developers say no to DRM: "hurts our customers"

The developers behind the hotly anticipated Shadow Warrior 2 have gone on record explaining why they didn’t add DRM to their new title: they themselves hate DRM, and understand that DRM disproportionately inconveniences legit customers, not pirates who play cracked versions without DRM. A frequent battle-cry of the copyright maximalist is that “you can’t compete with free.” It’s true that enticing people to …

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries — that is, pretty much everywhere with reliable electricity and internet access. Imperva, a company that provides protection to websites against Distributed Denial of Service …

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the …

Johnson & Johnson says people with diabetes don't need to worry about potentially lethal wireless attacks on insulin pumps

Rapid7 security researcher Jay Radcliffe (previously) has Type I diabetes, and has taken a personal interest in rooting out vulnerabilities in the networked, wireless-equipped blood-sugar monitors and insulin-pumps marketed to people with diabetes, repeatedly discovering potentially lethal defects in these devices. Recently, Radcliffe revealed that Johnson & Johnson’s 2008 Animas Onetouch Ping insulin pump did not encrypt communications between it and its remote …

HP blinked! Let's keep the pressure on! [PLEASE SHARE!]

Only three days after EFF’s open letter to HP over the company’s deployment of a stealth “security update” that caused its printers to reject third-party cartridges, the company issued an apology promising to let customers optionally install another update to unbreak their printers. That’s good for starters, but it’s a long way from making up for one of the most egregious abuses of …

Electronic voting machines suck, the comprehensive 2016 election edition

It’s been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines. Over the past decade-plus, it’s only gotten worse. There was that time that Diebold sent thousands of …

Google: if you support Amazon's Echo, you're cut off from Google Home and Chromecast

A closed-door unveiling of the forthcoming Google Home smart speaker platform included the nakedly anticompetitive news that vendors whose products support Amazon’s Echo will be blocked from integrating with Google’s own, rival platform. These platforms are typically designed to allow their vendors to invoke Section 1201 of the DMCA, which makes it a felony to change their configurations in unauthorized ways, meaning …

Your next DDoS attack, brought to you courtesy of the IoT

The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding. Symantec reports on the rising trend in …

EFF to court: don't let US government prosecute professor over his book about securing computers

In July, the Electronic Frontier Foundation filed a federal lawsuit on behalf of Dr Matthew Green, a Johns Hopkins Information Security Institute Assistant Professor of Computer Science; now the US government has asked a court to dismiss Dr Green’s claims. A brief from EFF explains what’s at stake here: the right of security experts to tell us which computers are vulnerable to attack, and …

HTML standardization group calls on W3C to protect security researchers from DRM

The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the …