
Security quotes of the week

War texting is something that [Don] Bailey demonstrated earlier this year with personal GPS locators. He demonstrated how to hack vendor Zoombak's personal GPS devices to find, target, and impersonate the user or equipment rigged with those consumer-focused devices. Those low-cost embedded tracking devices in smartphones or those personal GPS devices that track the whereabouts of your children, car, pet, or shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location, he says.
-- Dark Reading looks at a talk at the upcoming Black Hat conference

What he found is that the batteries are shipped from the factory in a state called "sealed mode" and that there's a four-byte password that's required to change that. By analyzing a couple of updates that Apple had sent to fix problems in the batteries in the past, [Charlie] Miller found that password and was able to put the battery into "unsealed mode."

From there, he could make a few small changes to the firmware, but not what he really wanted. So he poked around a bit more and found that a second password was required to move the battery into full access mode, which gave him the ability to make any changes he wished. That password is a default set at the factory and it's not changed on laptops before they're shipped. Once he had that, Miller found he could do a lot of interesting things with the battery.

-- Threat Post on a Black Hat talk about Apple laptop battery vulnerabilities

Stage 1 (hiding): All participants registered for the backdoor hiding game are given a set of requirements for a software program. Before the deadline, they must submit the source code for a program that fulfills these requirements plus includes a backdoor. They must also send a description explaining how to exploit the backdoor.

Stage 2 (finding): All players registered are given a bundle with the different pieces of source code. To each bundle the organizers will add a few placebos (source codes that fulfill the requirements but should not include a backdoor). Before a deadline, the players must answer, for each source code, whether they believe it includes a backdoor or not.

-- The 2nd Open Backdoor Hiding and Finding Contest to be held at DEFCON 0x13

This archive contains 18,592 scientific publications totaling 33GiB, all from Philosophical Transactions of the Royal Society and which should be available to everyone at no cost, but most have previously only been made available at high prices through paywall gatekeepers like JSTOR.
-- Gregory Maxwell protests the charges against Aaron Swartz

Security quotes of the week

Posted Aug 3, 2011 18:32 UTC (Wed) by dps (subscriber, #5725)

I am not convinced the research is public domain. The people that actually did the research definitely won't care much: it is by publishing that you make the research valuable and claim priority. They actively want people to read and cite the work.

JSTOR is an archive of somewhat older journal articles. The journals that feed articles into JSTOR probably insist on bits of the terms, including the subscription fee. They typically insist on owning the copyright and have large subscription fees, despite the fact that neither authors nor editors get paid anything.

You can actually find a free version of much of the most important work e.g. on some very large preprint archives, all of which have no subscription fees. In Oxford you are unlikely to easily get access to a computer with a subscription without a pass. Former students have these :-)

Security quotes of the week

Posted Aug 3, 2011 18:55 UTC (Wed) by andrel (subscriber, #5166)

The articles in question are classics like the original paper by Bayes on a problem in probability. Or Darwin on barnacles. Or Newton on optics. You're dead wrong about these chaps actively wanting anything.

Security quotes of the week

Posted Aug 3, 2011 22:14 UTC (Wed) by njs (guest, #40338)

> I am not convinced the research is public domain.

I think you might be missing that this is an archive specifically of articles published before 1923.

Of course, that doesn't quite guarantee that they're public domain -- the original articles are unambiguously public domain, but as he says in the README, it's entirely possible that various entities will claim that they own copyright on these *scans* of those articles. AFAICT based on Bridgeman v. Corel, those entities would be wrong, at least in the US. But who knows.

Security quotes of the week

Posted Aug 5, 2011 16:26 UTC (Fri) by clemenstimpler (guest, #71914)

In the UK, scans of public domain books are copyrighted, regardless of their age. More here: http://blog.tommorris.org/post/3721800090/british-library...

Security quotes of the week

Posted Aug 5, 2011 17:07 UTC (Fri) by nix (subscriber, #2304)

That would be scans of public domain books obtained from the British Library, not all public domain books everywhere.

Security quotes of the week

Posted Aug 5, 2011 22:18 UTC (Fri) by clemenstimpler (guest, #71914)

IANAL and all that... I should clarify nevertheless. I just wanted to point out that in the UK scans of books in the public domain are deemed to be a work in their own right that is copyrightable (which is why Early English Books - the largest collection of digitised English prints between 1400 and 1800 - is a commercial enterprise that must be licensed). To my knowledge, this would even be true for scans done by a robot (like in Google Books). If you type the text in question, it is in the public domain and can be reproduced. Am I right in assuming that this is somewhat absurd?

In Germany, copyright for reproductions of a work in the public domain is decided on a single-case basis: The decision depends on whether the process of reproducing depends on creative input from the person doing the reproduction. There seems to be no case law yet, so all this is very vague as well.

All in all, the situation concerning 'intellectual-property' rights for the visual reproduction of prints in the public domain is a mess - which is why I wholeheartedly applaud Aaron Swartz's actions, an act of civil disobedience in the service of science and scholarship.

Security quotes of the week

Posted Aug 5, 2011 22:24 UTC (Fri) by njs (guest, #40338)

I don't see anything there to indicate that there's a special rule that scans made by the British Library are copyrightable, but not other scans... my reading of that link is that the British Library claims that in the UK, scans of public domain works are copyrighted in general, and therefore they own the copyright to any scans which they produce, and therefore they can impose a restrictive license on them. Plus, they prohibit you from making your own scans, taking pictures, etc. The end result is that there's no such thing as a legally redistributable scan of any public domain materials in the BL. So yeah, if you can find another copy of one of these rare old books, then you're okay -- but AFAICT many, many museums, archival libraries, etc., all pull this same nonsense, so good luck. (And never mind unique documents, like paintings or hand-written manuscripts...)

It's not at all clear to me that the BL is *correct* that simple scans are copyrightable -- it seems to be an unsettled area in British case law[1]. But there's precedent for these institutions shading the truth about these matters. In the US, museums tried to convince Bridgeman to drop their suit against Corel, because they were pretty sure that reproductions of public domain works *weren't* copyrightable but were claiming copyrights on them anyway, and they could only get away with this so long as no judge ruled on the matter[2].

Quoting the OP: "All too often journals, galleries, and museums are becoming not disseminators of knowledge -- as their lofty mission statements suggest -- but censors of knowledge, because censoring is the one thing they do better than the Internet does."

[1] https://secure.wikimedia.org/wikipedia/en/wiki/Bridgeman_...
[2] http://www.panix.com/~squigle/rarin/corel2.html

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds