March 31, 2008
Many people who know or care about computer security probably won’t be surprised to hear claims that Linux or BSD is generally more secure than Windows. That conventional wisdom seems to have been confirmed yet again by the results of a hacking challenge last March 28, Friday, at the CanSecWest 2008 conference. This was reported in the InfoWorld article, “With Vista breached, Linux remains unbeaten in hacking contest”:
Earlier this week, contest sponsors had put three laptops up for grabs to anyone who could hack into one of the systems and run their own software. A $20,000 cash prize sweetened the deal, but the payout was halved each day as contest rules were relaxed and it became easier to penetrate the computers.
On day two, Independent Security Evaluators’ Charlie Miller took the Mac after hitting it with a still-undisclosed exploit that targeted the Safari Web browser. After about two minutes’ work, Thursday, Miller took home $10,000, courtesy of 3Com’s TippingPoint division, in addition to his new laptop.
It took two days of work, but Shane Macaulay finally cracked the Vista box on Friday, with a little help from his friends.
Macaulay, who was a co-winner of last year’s hacking contest, needed a few hacking tricks courtesy of VMware researcher Alexander Sotirov to make his bug work. That’s because Macaulay hadn’t been expecting to attack the Service Pack 1 version of Vista, which comes with additional security measures. He also got a little help from co-worker Derek Callaway.
Posted by Maddog
March 19, 2008
The GPL has won another victory — its biggest so far. Linux-Watch, in the article “Biggest legal victory ever for GPL”, reports:
The Software Freedom Law Center filed a copyright infringement lawsuit on Dec. 6 against Verizon Communications on behalf of its clients, the two principal developers of BusyBox. The suit alleged that Verizon violated the GNU GPLv2 by distributing Actiontec MI424WR wireless routers–which contained unsanctioned GPLv2 code–that were used with Verizon’s fiber-optic Internet and television service, aka FiOS.
On March 17, the SFLC announced that Verizon has come to an agreement with the SFLC and the BusyBox developers, which enables them to dismiss the GPL enforcement lawsuit. BusyBox is a lightweight set of standard Unix utilities commonly used in embedded systems. The popular development tool kit is licensed under GPL. Verizon and Actiontec violated the GPL condition that redistributors of BusyBox are required to ensure that every user of the code, or a device containing the code, must be provided access to the program’s source code.
To date, Verizon is the biggest company to be accused in court of a GPL violation. The fact that the case has ended in a settlement should set a good example for others to follow should they ever find themselves in the same position. Hopefully this will also send a strong signal to those who may think that they can get away with not complying with the terms for using GPLed code.
To learn more about the GPL, its history, and its terms, here are some important resources:
March 7, 2008
Microsoft-Watch columnist Joe Wilcox is at his best when he tells it like it is. He’s a bit like John C. Dvorak but with less crankiness. In his March 6 post entitled “Interoperability by PR Is a Gambit”, Joe pulled no punches when he gave readers the lowdown on Microsoft’s commitment to interoperability:
Microsoft’s idea of a Document Interoperability Initiative is to put together a bunch of businesses that profit from file format incompatibilities. And that is supposed to demonstrate — quoting from the press release — “Microsoft’s commitment to implement a set of strategic changes in its technology and business practices to expand interoperability through the implementation of its interoperability principles.”
The Document Interoperability Initiative is shameless propaganda along the lines of Monday’s Internet Explorer 8 standards announcement. Real initiative (pun intended) would be a group that included Adobe, Apple, Corel, Google, OpenOffice, Sun and other developers of software that produce documents and/or have their own desktop file formats.
Other forms of “openness” and “interoperability” on the part of Microsoft have been found to be far less substantial than the hype contained in the company’s announcements. You have, for example, Microsoft’s promised release of voluminous documents on the APIs of its major applications, apparently to comply with the directives of the EU Commission. In its February 21, 2008, press release, Microsoft announced:
March 5, 2008
Has Philippine Senator Edgardo Angara become a proponent of Digital Restrictions Management (DRM, also deceptively called Digital “Rights” Management by its proponents)?
Last July 3, 2007, the Senator filed “AN ACT AMENDING CERTAIN PROVISIONS OF REPUBLIC ACT NO. 8293 OR THE “THE INTELLECTUAL PROPERTY CODE OF THE PHILIPPINES” AND FOR OTHER PURPOSES”, also known as Senate Bill 880. The bill’s short title, “AMENDING R.A. NO. 8293, TO INCLUDE INTERNET PIRACY”, can give you an idea of its general purpose.
For much of the bill, the focus is on minor changes to existing laws on copyright enforcement, fair use, personal importation of copyrighted works, registration of copyright, copyright infringement, and related procedural matters. In the beginning and at the end of the bill, however, definitions and measures are introduced which give legal protection to DRM techniques by prohibiting ways to circumvent them.
At the beginning of Bill 880, the terms “effective technological measure” and “rights management information” are defined as follows:
SECTION 229A TECHNOLOGICAL PROTECTION MEASURES
“EFFECTIVE TECHNOLOGICAL MEASURE” MEANS ANY TECHNOLOGY, DEVICE OR COMPONENT THAT, IN THE NORMAL COURSE OF ITS OPERATION, CONTROLS ACCESS TO A PROTECTED WORK, SOUND RECORDING, OR OTHER SUBJECT MATTER, OR PROTECTS ANY COPYRIGHT OR ANY RIGHTS RELATED TO COPYRIGHT AS PROVIDED BY THIS ACT.
171.13 “RIGHTS MANAGEMENT INFORMATION” MEANS INFORMATION WHICH IDENTIFIES THE WORK, SOUND RECORDING OR PERFORMANCE; THE AUTHOR OF THE WORK, PRODUCER OF THE SOUND RECORDING OR PERFORMER OF THE PERFORMANCE; THE OWNER OF ANY RIGHT IN THE WORK, SOUND RECORDING OR PERFORMANCE; OR INFORMATION ABOUT THE TERMS AND CONDITIONS OF THE USE OF THE WORK, SOUND RECORDING OR PERFORMANCE; AND ANY NUMBERS OR CODES THAT REPRESENT SUCH INFORMATION, WHEN ANY OF THESE ITEMS IS ATTACHED TO A COPY OF THE SOUND RECORDING OR FIXATION OF WORK, PERFORMANCE OR APPEARS IN CONNECTION WITH THE COMMUNICATION TO THE PUBLIC OF A WORK, SOUND RECORDING OR PERFORMANCE. NOTHING IN THIS ACT REQUIRES THE OWNER OF ANY RIGHT IN THE WORK, SOUND RECORDING, OR PERFORMANCE TO ATTACH RIGHTS MANAGEMENT INFORMATION TO COPIES OF IT OR TO CAUSE RIGHTS MANAGEMENT INFORMATION TO APPEAR IN CONNECTION WITH A COMMUNICATION OF THE WORK, SOUND RECORDING OR PERFORMANCE TO THE PUBLIC.