Copyright Blocking Security Research: Researchers Barred From Exploring Leaked Archive

from the that's-a-problem dept

Two researchers for Kaspersky Lab, Costin Raiu and Anton Ivanov, have published an absolutely fascinating tale of how they successfully tracked down a zero day exploit in Microsoft Silverlight. The story is totally worth reading, and it stems from the researchers trying to find an exploit that was described in an Ars Technica article by Cyrus Farivar, concerning a hacker selling exploits to Hacking Team, which was revealed last summer when Hacking Team got hacked and had all its emails (among other things) released.

Again, the whole story is fascinating and worth reading. The researchers explain how they found the vulnerability (which basically involved setting a trap and eventually having it sprung, more or less after they'd forgotten about it), but there's a surprising tidbit all the way at the end of the article, highlighted by Chris Soghoian, in which the Kaspersky researchers admit that they're not positive the vulnerability they found is the same one described by the Russian hacker who sold his exploits to Hacking Team... thanks to copyright:

One final note: due to copyright reasons, we couldn’t check if the leaked Hacking Team archive has this exploit as well. We assume the security community which found the other zero-days in the HackingTeam leaks will also be able to check for this one.

There's been plenty of talk for years about how copyright can restrict security research. Much of that has focused on anti-circumvention provisions, such as the DMCA 1201, that makes getting around "technological protection measures" a form of copyright infringement. We've seen that issue pop up occasionally, like the time that the RIAA threatened to sue Ed Felten if he presented his research on why its SDMI DRM was broken.

Clearly, however, that's not the issue here. It's not even entirely clear what the exact copyright issue would be here, but it is worth noting that when the leak first happened, at least someone sought to take down the documents by making copyright claims. Perhaps Kaspersky's lawyers fear that even looking through the leaked documents could expose them to some sort of copyright liability.

And, given the way people fling around copyright lawsuits these days, perhaps that's not so crazy from the "limiting liability" perspective. But from the "doing security research" perspective, it's absolutely ridiculous. And, just another example of the dangerous copyright creep -- where this tool is used to stop otherwise perfectly reasonable behavior. In this case, it's not just stopping reasonable behavior, but important research that may be necessary to better protect privacy and safety.

Filed Under: copyright, cybersecurity, security, security research, silverlight, zero days
Companies: hacking team, kaspersky lab, microsoft

Oh Look, Microsoft Is De-Prioritizing Silverlight

from the who-coulda-guessed... dept

Back in August, we noted some online rumors that Microsoft was seriously cutting back on Silverlight, pushing internal folks to work on HTML5 instead. Our comments were filled with people saying that we were crazy and that Microsoft was betting more and more on Silverlight. So it's interesting to see that, after noticing barely any mention of Silverlight at Microsoft's Professional Developers Conference, Mary Jo Foley asked someone at Microsoft what's up, and was told that Microsoft's "strategy has shifted," and the company is betting on HTML5 for its cross-platform efforts. It's true that it's still pushing Silverlight in specific platforms -- with mobile being a big one (and, I'm sure, Netflix movie delivery remaining another), but it does seem like Microsoft is drastically scaling back what it plans for Silverlight.

Filed Under: html5, silverlight
Companies: microsoft

Has Microsoft Extinguished Silverlight?

from the dying-embers dept

Remember Silverlight? That was Microsoft's attempt to take on Adobe Flash. There was plenty of attention paid to it when it launched, but it faded off the map pretty quickly, and that slow fade has only continued to the point that some are speculating that it's now dead. While not the strongest source, an anonymous comment in a forum devoted to Microsoft employees talking about Microsoft has noted that his team was told to stop using Silverlight and focus on HTML 5. It really is quite stunning how little traction Silverlight got over the past few years, and it seems like it certainly could be in Microsoft's best interests to give up the ghost on it.

Filed Under: html 5, silverlight
Companies: microsoft

Putting Metadata In Video For Search Purposes? Patented! Microsoft Sued

from the it-never-ends dept

The last time we wrote about a small company called Gotuit Media, it was in 2003, when the company was suing TiVo for an excessively broad patent about recording TV while playing back TV concurrently. Apparently, the company is still in the business of suing other companies that are putting obvious ideas into practice. For example, it's now suing Microsoft over its implementation of Silverlight-based videos for the Olympics on NBC's website. Microsoft's crime? Apparently the videos are going to include some metadata that will make them searchable, allowing users to search and find specific content. And, that, according to Gotuit, is patent infringement.

Of course, that's ridiculous. If you were to tackle the problem of how to create a search engine for video, one of the first things just about any competent programmer would think of is adding text metadata to the video that would then be used for search. But, thanks to the patent system, apparently you can only do that if you've agreed to pay Gotuit a licensing fee.

Filed Under: metadata, online video, silverlight, video
Companies: gotuit, microsoft