Re: Re: Forcing you to accept TOS to use a product should be illegal
I agree completely. Unfortunately, the Sony PS3 case shows that the courts do not.
The PS3 MUST receive firmware updates to play new games. Every firmware update requires the end user to accept the new EULA. If they do not, then the console is useless. They cannot even downgrade to the original firmware.
Worse, this new firmware can remove features. This was the big thing when Sony removed the ability to run Linux on the PS3. The courts found that there's nothing wrong with any of this. You can't even get your money back.
I can see one of two things happening when the contractor's lawyers hear about this. They could fix the issue, or they could laugh in the face of the software devs.
If they try the second then they're just begging to be sued for several hundred million cases of infringement. With a statutory max of $150,000/infringement. You're talking the entire national debt right there. If you're talking minimum that's still at least $75 billion.
I'm wondering if team Prenda slipped some things in the document after she signed it.
Reading the actual document, all it says is she notified Cooper, that she has no basis to believe that Steele owned the company, and that she has no proof of anything.
The picture of the house is sort of out there in left field. It has nothing to do with any of the other statements.
Huawei, Cisco, HP, and other manufacturers are a good jumping off point for the NSA to hack other networks. Something the US specifically authorizes them to do. Plus, Huawei has so many bugs that their OS is a giant backdoor.
The thing everyone has a problem with is the overreach of the NSA. Targeted attacks, even to third parties, to obtain specific intel aren't really something that most people worry about here in the US. It's making sure that there's a proper legal channel to get a warrant through an adversarial proceeding that annoys me personally.
You have a good point, but there are problems with HSMs.
First, they're expensive. A good HSM easily can run into the hundred thousand dollar range. Second, you can only have one server terminating all SSL connections. Since the HSM won't let anyone get the key, then the server with the HSM must be able to handle everyone. Then there's the downtime that occurs if the server or HSM ever breaks. They'd need to get a whole new Cert issued.
The big reason why companies don't use Hardware Security Modules to store their SSL keys is the way that HSMs work. In order to make sure the keys never leave the HSM, the HSM itself decrypts all the data. Something that just isn't feasible when dealing with multiple SSL connections.
Look at some of the other techdirt articles. Brazil is debating legislation which will require internet companies to keep all their data in Brazil. If every country did this then every internet company will have to have hundreds of data centers. This also lets the government more easily censor the internet.
A more reasonable approach is to require all companies and countries to meet certain privacy standards. This still ends up being a mess though. Google caught a ton of flak for just trying to unify their privacy policy. What if two countries' policies are in direct conflict? Users in countries X and Y will have their data stored for 10 years, while users in country Z will have unattended data deleted in 2 years....
Campus police are state troopers, and thanks to federal and state law campus property is treated differently than private property. Campus administration normally takes this to mean they can do whatever they want, and if you disagree then you get fined or arrested. Don't pay the fine, don't get your transcript. So you can't transfer and you can't graduate.
While this is the first time I've heard of such blatant disregard of free speech issues, my Uni required us to fill out "party permits" or the cops would bust in and kick everyone out. What constitutes a "Party" is up to the officer. Too many people, well that's a party.
That's a violation of the First Amendment, but the reason no one does anything is because they would find something else to charge everyone with. That friend of a friend that you don't know, but is there. If he's under 21 and brought a flask, everyone's screwed. It doesn't matter if the flask was in a backpack and no one knew it was there.
Umm, no. That would be the National Reconnaissance Office. Furthermore, NASA is no more part of the military than any other government agency. Seriously, that was one of the founding principles of the organization.
The FBI needs to be careful when it comes to things like this. Even if it is legal, and I'm not saying it is, it certainly sets a double standard.
Any time you have something along the lines of "Normal people can't do this, but the government can," you run into tricky balance of power issues. Even worse, if the government does something too often or particularly bad, people start asking "Why can't I do this? If the government is doing it then it might be illegal, but it's probably not immoral."
This doesn't even get into the abuse of power issues. Just compare the Lori Drew case to what the government has admitted to doing here. In the first they tried to twist a hacking law to apply to violating a website's Terms of Service. In the second, they deliberately hacked potentially innocent third-party computers. This clear abuse of power is why many people don't trust the government, and are beginning to believe that laws have lost touch with their moral roots.
I doubt it was a hack. However, I'd put good money on it being a drunk or disgruntled employee.
I honestly feel sorry for the store, but think that they could have handled things better. Instead of shutting down their account they could have used it to issue an apology. The most likely possibility is the owner/manager knowing nothing about social media, so when things went wrong the instinctive reaction was to just cancel the account.
Evolution is amazing. Especially since all it's based on is the statistical likelihood of random mutations affecting birthrates. It is neither good nor bad, it's merely based on statistics. And let's face it, everyone wants their child to be above average.
If you want a good science fiction series dealing with the potential of genetically engineered humans look at Gundam Seed.
No one is saying that they are ready to start tinkering with human babies just yet, but let me ask you a question. If you could know that your child would have a chronic illness, would you have the test done? How about if it could be fixed? Sequencing a person's entire genetic code is still relatively slow and expensive, but it only has to be done once.
Here's another thing to think about. Umbilical stem cells. These things are turning out to be hugely important. I wouldn't be surprised if quite a few hospitals start offering to store those in case the newborn needs an organ grown in thirty or forty years.
Re: Maybe also motivated by clumsy DoD site-blocking policies
Hmm, that's an interesting possibility. Unfortunately, having necessary military information and services sharing the same domain as self-hosted websites is just a bad idea.
I'm aware that different subdomains can be completely separated, but the cost of a domain name is so cheap that it's not worth the potential trouble. The largest reason to not go with a separate domain name is shared hosting. At that point domain names are the least of the university's security troubles.
The sad thing is the reason why cell phones make the effort.
It's not about good will. First, it was because carriers liked the lock-in. Remember those old Java phones where the only way to get new ringtones was to buy a 30-second clip for $5? The other reason was Steve Jobs and his control freak tendencies.
If you look at cell phone security, most of it is stupidly weak. The only thing it's good for is keeping non-technical users from breaking anything too badly.
They're using man in the middle attacks. So, you're securely talking to an NSA computer which is then talking to the real server.
The hard part is for the NSA computer to pretend to be the real server. There are three ways for them to do so. First, they could have demanded/stolen the secret key and certificate from the server they're trying to intercept traffic to. Second, they could have a trusted Certificate Authority (CA) tell the user that they are the server. Third, they could use their massive supercomputers to fake a valid certificate.
We've heard a decent bit about the first one. The second one happens because browsers operate on a chain of trust that is completely invisible to a normal user. It would be easiest for them to go this route. The third method was actually demonstrated by a couple of researchers. They used a bunch of PS3s to sign a valid MD5-based certificate. It's an old attack, but someone on that huge invisible chain of trust is probably still vulnerable.
Like Snowden said. The problem isn't the encryption, it's everything else. In this case, web browsers relying on public key cryptography with some major flaws.
Google wanted to lose. Now there are precedents for most major courts regarding FRAND patents. Microsoft's mobile division makes a huge amount of money off threatening to sue Android phone makers. Combine that with the Cisco ruling preventing Google from being directly involved in any lawsuit that does crop up, and losing these Motorola cases actually helps Google.
On the post: Insanity Rules In East Texas: Jury Finds Newegg Infringes On Ridiculous Encryption Patent
Re: Support Newegg
http://www.newegg.com/Product/Product.aspx?Item=N82E16800996221
On the post: LG Smart TV Caught Collecting Data On Files Stored On Connected USB Drives
Re: Re: Forcing you to accept TOS to use a product should be illegal
The PS3 MUST receive firmware updates to play new games. Every firmware update requires the end user to accept the new EULA. If they do not, then the console is useless. They cannot even downgrade to the original firmware.
Worse, this new firmware can remove features. This was the big thing when Sony removed the ability to run Linux on the PS3. The courts found that there's nothing wrong with any of this. You can't even get your money back.
On the post: Healthcare.gov Violates Open Source License
Re: Re: Re: Re:
That means every time anyone visits a web page on the site, they're committing infringement.
I hope no one in Japan tried to visit healthcare.gov. That's 2 years in jail for each page visited.
On the post: Healthcare.gov Violates Open Source License
Re: Re:
I can see one of two things happening when the contractor's lawyers hear about this. They could fix the issue, or they could laugh in the face of the software devs.
If they try the second then they're just begging to be sued for several hundred million cases of infringement. With a statutory max of $150,000/infringement. You're talking the entire national debt right there. If you're talking minimum that's still at least $75 billion.
On the post: Team Prenda Tries To Flip The Story Of John Steele's Mother-in-Law To Make Alan Cooper Look Bad
Re: Re: Bets on Signature authenticity?
Reading the actual document, all it says is she notified Cooper, that she has no basis to believe that Steele owned the company, and that she has no proof of anything.
The picture of the house is sort of out there in left field. It has nothing to do with any of the other statements.
On the post: How The NSA Pulls Off Man-In-The-Middle Attacks: With Help From The Telcos
Re:
http://www.youtube.com/watch?v=ugdpbPW_k3g&feature=player_detailpage#t=1936
Huawei, Cisco, HP, and other manufacturers are a good jumping off point for the NSA to hack other networks. Something the US specifically authorizes them to do. Plus, Huawei has so many bugs that their OS is a giant backdoor.
The thing everyone has a problem with is the overreach of the NSA. Targeted attacks, even to third parties, to obtain specific intel aren't really something that most people worry about here in the US. It's making sure that there's a proper legal channel to get a warrant through an adversarial proceeding that annoys me personally.
http://en.wikipedia.org/wiki/Writ_of_assistance
On the post: Lavabit Tried Giving The Feds Its SSL Key In 11 Pages Of 4-Point Type; Feds Complained That It Was Illegible
Re: HSM
First, they're expensive. A good HSM easily can run into the hundred thousand dollar range. Second, you can only have one server terminating all SSL connections. Since the HSM won't let anyone get the key, then the server with the HSM must be able to handle everyone. Then there's the downtime that occurs if the server or HSM ever breaks. They'd need to get a whole new Cert issued.
The big reason why companies don't use Hardware Security Modules to store their SSL keys is the way that HSMs work. In order to make sure the keys never leave the HSM, the HSM itself decrypts all the data. Something that just isn't feasible when dealing with multiple SSL connections.
On the post: Brazilian President Blasts NSA Spying In Front Of World Leaders -- Including Obama -- At UN
Re:
A more reasonable approach is to require all companies and countries to meet certain privacy standards. This still ends up being a mess though. Google caught a ton of flak for just trying to unify their privacy policy. What if two countries' policies are in direct conflict? Users in countries X and Y will have their data stored for 10 years, while users in country Z will have unattended data deleted in 2 years....
On the post: Judge Steps Down, Chooses Comedy
Sad
On the post: California College Tells Student He Can't Hand Out Copies Of The Constitution On Constitution Day
Re: Re:
While this is the first time I've heard of such blatant disregard of free speech issues, my Uni required us to fill out "party permits" or the cops would bust in and kick everyone out. What constitutes a "Party" is up to the officer. Too many people, well that's a party.
That's a violation of the First Amendment, but the reason no one does anything is because they would find something else to charge everyone with. That friend of a friend that you don't know, but is there. If he's under 21 and brought a flask, everyone's screwed. It doesn't matter if the flask was in a backpack and no one knew it was there.
On the post: Angered By The NSA, But Confused By Acronyms, Brazilian Hacker Defaces NASA Websites
Re: Not that far off.
http://www.nro.gov/about/
On the post: How Ruling On WiFi Snooping Means Security Researchers May Face Criminal Liability
Re: Re:
http://community.eveonline.com/news/dev-blogs/
You're welcome.
This is a multi-million dollar business too.
On the post: Yes, The FBI Used Malware To Try To Reveal Tor Users
Moral VS Legal
Any time you have something along the lines of "Normal people can't do this, but the government can," you run into tricky balance of power issues. Even worse, if the government does something too often or particularly bad, people start asking "Why can't I do this? If the government is doing it then it might be illegal, but it's probably not immoral."
This doesn't even get into the abuse of power issues. Just compare the Lori Drew case to what the government has admitted to doing here. In the first they tried to twist a hacking law to apply to violating a website's Terms of Service. In the second, they deliberately hacked potentially innocent third-party computers. This clear abuse of power is why many people don't trust the government, and are beginning to believe that laws have lost touch with their moral roots.
On the post: When Twitter Promotions Go Wrong: IL Pizzeria Offers Food For Flashing
I honestly feel sorry for the store, but think that they could have handled things better. Instead of shutting down their account they could have used it to issue an apology. The most likely possibility is the owner/manager knowing nothing about social media, so when things went wrong the instinctive reaction was to just cancel the account.
On the post: DailyDirt: Children Are The Future, Engineer Them Well, & Let Them Lead The Way
Re: What could POSSIBLY go wrong?
If you want a good science fiction series dealing with the potential of genetically engineered humans look at Gundam Seed.
No one is saying that they are ready to start tinkering with human babies just yet, but let me ask you a question. If you could know that your child would have a chronic illness, would you have the test done? How about if it could be fixed? Sequencing a person's entire genetic code is still relatively slow and expensive, but it only has to be done once.
Here's another thing to think about. Umbilical stem cells. These things are turning out to be hugely important. I wouldn't be surprised if quite a few hospitals start offering to store those in case the newborn needs an organ grown in thirty or forty years.
On the post: Yelp Sues Law Firm For Posting Fake Reviews
Cease and Desist
At this point the fake reviews are like harassment. They're annoying, easily identified, but still take time and energy to remove.
While the default lawsuit strategy is "go for the money" a simple C&D would be enough to both get the point across.
On the post: Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server
Re: Maybe also motivated by clumsy DoD site-blocking policies
I'm aware that different subdomains can be completely separated, but the cost of a domain name is so cheap that it's not worth the potential trouble. The largest reason to not go with a separate domain name is shared hosting. At that point domain names are the least of the university's security troubles.
On the post: Latest Snowden Leak Reveals NSA's Ability To Tap Your Mobile Phone
Re: Re:
It's not about good will. First, it was because carriers liked the lock-in. Remember those old Java phones where the only way to get new ringtones was to buy a 30-second clip for $5? The other reason was Steve Jobs and his control freak tendencies.
If you look at cell phone security, most of it is stupidly weak. The only thing it's good for is keeping non-technical users from breaking anything too badly.
On the post: Latest Leak Shows NSA Engaging In Economic Espionage -- Not Fighting Terrorism
Re:
The hard part is for the NSA computer to pretend to be the real server. There are three ways for them to do so. First, they could have demanded/stolen the secret key and certificate from the server they're trying to intercept traffic to. Second, they could have a trusted Certificate Authority (CA) tell the user that they are the server. Third, they could use their massive supercomputers to fake a valid certificate.
We've heard a decent bit about the first one. The second one happens because browsers operate on a chain of trust that is completely invisible to a normal user. It would be easiest for them to go this route. The third method was actually demonstrated by a couple of researchers. They used a bunch of PS3s to sign a valid MD5-based certificate. It's an old attack, but someone on that huge invisible chain of trust is probably still vulnerable.
Like Snowden said. The problem isn't the encryption, it's everything else. In this case, web browsers relying on public key cryptography with some major flaws.
On the post: Once Again, Motorola Gets Slapped Around Over Attempt To License Standards Patents At High Rates To Microsoft
Court Precedent
Google wanted to lose. Now there are precedents for most major courts regarding FRAND patents. Microsoft's mobile division makes a huge amount of money off threatening to sue Android phone makers. Combine that with the Cisco ruling preventing Google from being directly involved in any lawsuit that does crop up, and losing these Motorola cases actually helps Google.