In case you weren't following the Lori crew case she had been convicted of of misdemeanor for violating the Computer Fraud and Abuse Act (CFAA) by violating the terms of service of MySpace when she created her account.
The judge has just recently overturned the conviction. Analysis and coverage from several places.
Congratulations to one of her Lawyers, Orin Kerr, whose analysis of the Ninth Circuit's opinion I posted about last week.
Monday, August 31, 2009
Friday, August 28, 2009
Important Legal Decision Regarding the Fourth Amendment and the Plain View Exception
Some interesting discussion this week of a case recently decided in the Ninth Circuit. The case is "United States v Comprehensive Drug Testing". The decision is here.
Essentially the Ninth circuit is trying to proactively eliminate the plain view exception to warrant requirements under the fourth amendment when applied to computer searches.
I can't do the decision justice or put it in context. I recommend reading the following posts if you're interested in learning more. Some excellent discussion topics on the first blog post below.
Personally, I think this is a pretty good idea, we'll just have to see whether it passes muster constitutionally.
Essentially the Ninth circuit is trying to proactively eliminate the plain view exception to warrant requirements under the fourth amendment when applied to computer searches.
I can't do the decision justice or put it in context. I recommend reading the following posts if you're interested in learning more. Some excellent discussion topics on the first blog post below.
- How the Ninth Circuit Tried To End Plain View for Computer Searches Without Ending Plain View for Computer Searches.
- Beyond A-Rod and ManRam: Plain Talk on the ‘Plain View Doctrine
Personally, I think this is a pretty good idea, we'll just have to see whether it passes muster constitutionally.
Friday, August 07, 2009
Monday, August 03, 2009
Extortion or Responsible Disclosure?
I was just reading an article in Wired - "Electronic High-Security Locks Easily Defeated at DefCon".
A quote from the article:
It got me thinking - I've never heard of anyone doing this in the software world. For those who just have a website, I suppose this kind of threat isn't too big a deal. Most reasonable software vendors provide patching on an ongoing basis, but for those who don't, is anyone aware of any cases like this? A researcher requiring the vendor to promise to fix the product before they disclose the defect?
A quote from the article:
The lock makers say they can’t respond to the issues Tobias is raising until he tells them exactly how his attacks work. But before he’s willing to give them the details, Tobias has insisted the makers agree to fix the vulnerable locks retroactively with no cost to customers who have already purchased them. Something they refuse.
It got me thinking - I've never heard of anyone doing this in the software world. For those who just have a website, I suppose this kind of threat isn't too big a deal. Most reasonable software vendors provide patching on an ongoing basis, but for those who don't, is anyone aware of any cases like this? A researcher requiring the vendor to promise to fix the product before they disclose the defect?
Software Assumptions Lead to Preventable Errors
Here is a paper I co-wrote with Gunnar Peterson for the IEEE Security and Privacy Magazine. The title is pretty much the subject of the piece - how assumptions in the development process, and the associated lack of documentation and explicit statement of those assumptions, leads to preventable errors. We cover some techniques for documenting assumptions across a number of areas of the product lifecycle. Hopefully there are a few ideas here about formally documenting assumptions that you'll find useful.
Note: This article is Copyright IEEE and was originally published in IEEE Security &
Privacy magazine, vol. 7, no. 4, 2009, pp. 84-87.
Note: This article is Copyright IEEE and was originally published in IEEE Security &
Privacy magazine, vol. 7, no. 4, 2009, pp. 84-87.
Subscribe to:
Posts (Atom)