Weekly Edition
Return to the Security page
| |||||||||||||
Security quotes of the week
That's security in today's world. We have no choice but to trust
Microsoft. Microsoft has reasons to be trustworthy, but they also have
reasons to betray our trust in favor of other interests. And all we can do
is ask them nicely to tell us first.
-- Bruce
Schneier on the Open Letter
to Skype
That said, recently made security "improvements" to Java
SE 7 software don't prevent silent exploits at all. Users
that require Java content in the web browser need to rely
on a Click to Play technology implemented by several web
browser vendors in order to mitigate the risk of a silent
Java Plugin exploit.
-- Adam
Gowdiak is unimpressed with recent Java security updates
Newegg refuses to settle in cases like this, even when it would be cheaper
to settle than to fight. They beat the hell out of Soverain, killed their
patent, and freed not just themselves, but all the firms that faced
potential extortion from them -- and all of us, who will pay higher prices
to keep these ticks nicely, comfortably bloated with their parasitic gains.
-- Cory Doctorow
We require that government agencies conducting criminal investigations use
a search warrant to compel us to provide a user's search query information
and private content stored in a Google Account—such as Gmail messages,
documents, photos and YouTube videos. We believe a warrant is required by
the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable
search and seizure and overrides conflicting provisions in ECPA [Electronic
Communications Privacy Act].
-- Google(Log in to post comments)
Newegg Posted Jan 31, 2013 3:10 UTC (Thu) by dskoll (subscriber, #1630) [Link] The Newegg strategy is commendable. If all companies took that approach and stood up to patent trolls, and (importantly) made pacts to assist one another in defending against patent trolls, then a large part of the patent problem would go away without a single legislator raising a finger to improve the system. Good job.
Newegg's job isn't finished Posted Jan 31, 2013 22:19 UTC (Thu) by Max.Hyre (subscriber, #1054) [Link] Hear, hear!Unfortunately, the judgment was overturned on appeal, but that leaves two layers of the U.S. justice system available to Soverain: en banc review by the Court of Appeals, and an appeal to the Supreme Court. Only if Soverain fails to appeal, or the appeal is denied, or on appeal the judgment is upheld, all the way to the top, can we be sure there's a stake through the patents' heart. (Yeah, one stake will suffice for all of them.) Remember SCO, and check in on this one every so often.
Security quotes of the week Posted Jan 31, 2013 4:42 UTC (Thu) by mgb (guest, #3226) [Link] ... require ... criminal investigations ... search warrant ... GoogleWhat of non-criminal investigations?
Security quotes of the week Posted Jan 31, 2013 17:04 UTC (Thu) by bosyber (subscriber, #84963) [Link]
In that case I suppose it follows from a discovery request in a civil case, or is ignored silently? At least I guess Google does not normally just hand out all your data on random requests. "Only" an analysis of your behaviour to those that pay, supposedly anonimyzed?
Security quotes of the week Posted Feb 1, 2013 18:41 UTC (Fri) by giraffedata (subscriber, #1954) [Link] A National Security Letter is for matters of national security, and I doubt that would apply to any non-criminal investigation. In any case, it wouldn't apply to most of them. A discovery request goes to the other party a lawsuit, and Google isn't talking about cases in which Google is a party. What Google would require in the case of the non-criminal investigation is a subpoena coupled with a court order to compel compliance. Though Google doesn't mention that, we can assume Google would comply with such a court order since it has even more due process than a search warrant and treads far more lightly on the subject's rights than a search warrant (a search warrant gives the police license to go through your stuff; the subpoena just tells you to to do the search yourself). What Google is announcing it will ignore is a subpoena without the order to compel compliance. Such a subpoena doesn't come from a judge.
Security quotes of the week Posted Feb 1, 2013 19:37 UTC (Fri) by raven667 (subscriber, #5198) [Link]
How did the FBI get access to Petraeus Gmail account without a criminal investigation or warrant? ISTM that a merely curious FBI agent can get into pretty much anything they want without any meaningful oversight.
Security quotes of the week Posted Feb 1, 2013 19:49 UTC (Fri) by mgb (guest, #3226) [Link]
NSLs are for fishing expeditions where there is no evidence of a crime and no judge will issue a subpoena.
No sane informed non-US person keeps proprietary information in the US (e.g. Gmail).
Google, search warrants, and National Security Letters Posted Feb 2, 2013 22:45 UTC (Sat) by giraffedata (subscriber, #1954) [Link] How did the FBI get access to Petraeus Gmail account without a criminal investigation or warrant? That's a good point. In fact, I recall now that a government employee can be considered a security risk just because he is in debt (because it makes him more susceptible than the average employee to bribes and extortion). So I agree - a national security matter doesn't have to be a criminal matter and an NSL could be used in a non-criminal investigation. From what I've read, I believe Google would not comply with an NSL demanding user information. Google's position is based on the U.S. Constitution, which takes precedence over the act of Congress that created NSLs.
Google, search warrants, and National Security Letters Posted Feb 3, 2013 4:06 UTC (Sun) by raven667 (subscriber, #5198) [Link]
I should point out that they didn't know who the accounts belonged to until after they searched them. Could have been you, me, any bodies.
|
|||||||||||||