Tuesday, August 21, 2012

From the Ethical Hacker toolkit: Is this why the President keeps texting me?
iPhone users, beware: a recently discovered flaw in iOS makes it possible for anyone to fake the number you’re receiving an SMS message from. This means that an SMS message might seem to come from a trusted source like your friends, family, or even your bank, when in fact it is coming from some unknown source.
The flaw, discovered by pod2g, is said to have been around since the first iteration of iOS on iPhone, and is also present in the latest version of iOS 6, Beta 4. While the problem actually lies with SMS protocols in general, the iPhone’s interface makes it harder to ensure who the SMS is really coming from, and makes it easier to fake the reply-to number. So when you hit reply, you might actually be replying to a different person than the one you think.

All this because a judge in San Francisco rejected the Facebook settlement? We can only hope!
Foretelling the end of money-for-nothing class actions
August 20, 2012 by Dissent
Alison Frankel writes:
A year ago, representing the “victims” of corporate privacy breaches seemed like a decent business model. In a very instructive chart Reuters prepared in June of 2011, my colleague Terry Baynes detailed the outcome of six privacy breach settlements, in which class action lawyers sued companies whose customer information was hacked. Most of the settlements involved payments to name plaintiffs ranging from $250 to $10,000. Other class members usually received no cash — but their lawyers were awarded between $500,000 and $6.5 million. Yes, we all know the lawyers had to work for their money. They filed complaints, probably withstood motions to dismiss, and negotiated settlements that included some kind of promise that defendants would change troublesome behavior. They also had to have their fees approved by federal judges.
But I believe Baynes’ chart may well represent the high point for contingency-fee lawyers who engineer settlements with no tangible benefit for class members.
Read more on Thomson Reuters

If the only difference is electronics rather than paper, why was this ever a question?
In a Blow to Hulu, Judge Rules Video Privacy Law Applies Online
Hulu could be on the hook for potentially millions of dollars in damages for allegedly transmitting consumer viewing habits to third parties, after a federal magistrate ruled that online video watching is protected by U.S. privacy law.
In a proposed class-action against Hulu, U.S. Magistrate Laurel Beeler ruled the Video Privacy Protection Act of 1988 applies to Hulu.

(Related) Maybe it's because legal opinions vary. More likely, it's because it is easier to ask forgiveness than permission.
AT&T's FaceTime limits might conflict with FCC rules
Some people have raised red flags regarding AT&T's limits on the use of FaceTime on the upcoming iOS, alleging the restrictions could go against Federal Communications Commission rules.
"Over-the-top communications services like FaceTime are a threat to carriers' revenue, but they should respond by competing with these services and not by engaging in discriminatory behavior," senior staff attorney at Public Knowledge John Bergmayer said in a statement. Public Knowledge is a nonprofit organization that works on Internet law.
The "discriminatory behavior" that Bergmayer is alluding to is AT&T's newly announced rules on how its subscribers can use FaceTime's video call service. Last week, the network released a statement confirming that users on its upcoming Mobile Share plan can run FaceTime over its cellular network. But other plans still require Wi-Fi to use the video service.

Now we're getting into legal strategy. Perhaps we'll get some interesting options, but I rather doubt it.
"RapidShare has said that the U.S. government should crack down on linking sites rather than punishing file-sharing sites and strangling innovation. The file-sharing site is understandably a little worried about the recent crackdowns on sites involved in or found to be promoting piracy. Daniel Raimer, RapidShare's Chief Legal Officer, is to meet with technology leaders and law enforcement at the Technology Policy Institute forum. [In Aspen CO Bob] Responding to a public consultation on the future of U.S. IP enforcement, the company emphasized that linking sites are the real problem. It wrote, 'Rather than enacting legislation that could stifle innovation in the cloud, the U.S. government should crack down on this critical part of the online piracy network.'"

This seems very wrong to me. Haven't we already tested this? If potential readers/clients can't find you in the net, how does that become an advantage? Sort of the electronic equivalent of asking for compensation to be listed in the phone book.
"Al Jazeera is reporting on the current state of plans by the German government to amend the national copyright law. The so-called 'Leistungsschutzrecht' (neighboring right) for publishers is introducing the right for press publishers to demand financial compensation if a company such as Google wants to link to their web site. Since the New York Times reported on this issue in March this year, two draft bills have been released by the Minister of Justice and have triggered strong criticism from the entire political spectrum in Germany, companies and activist bloggers. (Full disclosure: I am being quoted by Al Jazeera in this article)"

Perhaps if they taught a course on Privacy? What questions should parents (students) ask?
Colleges need schooling on privacy law
August 21, 2012 by Dissent
Lisa Black reports:
At college registration this summer, the room went silent when a dad asked the department dean a question that lurked in the back of all our minds:
What if our kid doesn’t adjust well? How will we know, short of acting like the dreaded hovering helicopter parent, if our teen is struggling with serious anxiety or depression and won’t admit it?
I found the dean’s answer that day to be candid, chilling and — as I realized later — ill-informed.
Read more on Chicago Tribune.
While Ms. Black’s reporting focuses on permissible disclosures, it would be nice to see more reporting on how schools fail to keep information protected and sell or share information that students and/or their parents would not want shared – including directory information. That day, when parents were asking questions, did anyone ask how to prevent the school from sharing information? And if not, did the school voluntarily raise the issue of opting out?

Go to law school, learn how to do extortion right.
Porn pirates set to be outed by German law firm
August 21, 2012 by Dissent
From the what-could-possibly-go-wrong dept.:
A German law firm is threatening to publish a list of people it is accusing of breaching pornography copyright in order to advertise its services – and will start with police stations and church rectories.
Using the driest possible legalese, the Urmann and Colleagues (U+C) firm announced on its website on Tuesday that from September 1, visitors to their site would find a list of people who had been involved in disputes over illegal porn internet downloads.
The firm, based in the southern German town of Regensburg, is one of the country’s biggest copyright law firms and represents a number of pornographers.
Read more on The Local (De).
Apart from the issue of whether such posting would be legal, which is something I’m clearly not qualified to comment on, what if this law firm is just plain wrong in their accusations? What damage might they do if they name and shame innocent parties? And what recourse will such individuals have?
Companies are quick to go after individuals who make negative public comments about them. Let’s see if individuals will be as quick to go after law firms that make negative public assertions about them.

(Related) From the Ethical Hacker toolkit:
If you have ever downloaded multiple files from sites like Rapidshare, you will find that your waiting times get increasingly larger as you download files. Sites like these detect you by your IP address and place download and waiting time restrictions on you. Here to help you bypass those restrictions is a tool called Hideman that masks your network’s IP address.
