Student Charged With Crime For Telling University Officials About Security Hole

News You Could Do Without

from the blame-the-messenger dept

For many years, we’ve covered case after case after case after case after case after case after case of people being blamed, arrested or even jailed for pointing out a security flaw. It should come as no surprise that many security researchers claim that it’s just not worth it to research security vulnerabilities, since the risk is just too high.

It doesn’t seem like those on the other side are getting the message just yet. Slashdot points us to the latest example, where a student at Carleton University has been arrested and charged with computer hacking after discovering a vulnerability and writing up a 16-paged paper to tell university officials about the vulnerability. A criminal doesn’t write up a huge paper telling officials how to fix their problems. This just scares off people from telling universities that their systems are insecure. Remember, a few years back in Ohio there was a similar situation, with the whistleblower blamed — and then the school didn’t bother fixing the vulnerability, leading to more info being leaked.

Filed Under: blame, carleton university, hacking, white hat

Is Stubhub Guilty Of Violating Anti-Scalping Laws? Not This Time…

Legal Issues

from the unsettled-law dept

We’ve seen a few different lawsuits involving ticket reselling website Stubhub (owned by eBay). Last year, you may remember, a court forced Stubhub to hand over the identity of sellers of New England Patriots’ tickets, despite the fact that Stubhub’s terms of service protect users’ privacy. One of the big questions brought up by various lawsuits is whether or not Stubhub is guilty of violating various anti-scalping laws. It seems like it would be clear that Stubhub, as the platform provider, is not liable and is protected by Section 230 of the CDA. And, in fact, that’s what a court has just found, dismissing a complaint against Stubhub. However, as Eric Goldman notes at that link, this seems to contradict with at least one other ruling against Stubhub — meaning that this is hardly settled law, and we should expect to see a bunch more lawsuits along these lines pop up before this gets worked out.

Filed Under: liability, scalping, section 230
Companies: ebay, stubhub

AT&T Moves Away From 'Up To' Marketing

Surprises

from the finally! dept

For years, one of our pet peeves was the use of “up to” in telco marketing — as in, “you get speeds up to 10 Mbps!” The “up to” lets providers basically make up whatever they want, as any speed below that number is still technically covered. However, in the last few years, some have started pushing back — even questioning whether the use of “up to” marketing was false advertising. That’s why it’s nice to see that AT&T, for one, appears to be moving away from the practice. Broadband Reports notes that AT&T’s new terms of service seems to show the range of speeds, rather than using “up to.” That seems a lot more accurate and reasonable.

Filed Under: marketing, truth in advertising, up to

Google On The High Seas

(Mis)Uses of Technology

from the yo-ho-ho-an'-a-barrel-o'-patents dept

It looks like Google has had enough of the taxes, rules, and regulations associated with hosting its data in various countries around the world. Its solution? Floating data centers anchored beyond national boundaries. The idea seems pretty ridiculous on its face. The costs associated with maintaining a fleet of barges, in addition to the challenges that would arise regarding server maintenance, power requirements (wave power? really?), and security (protection from real pirates), make the effectiveness of such a solution highly questionable. To make this story even more ridiculous, Google has filed for a patent on the idea, presumably so that it can reap the huge rewards when everyone else realizes that hosting data at sea is the way to go. To be fair, this is likely just a defensive patent filing — given Google’s past patent activities. But what does it say about the patent system when a company has to waste the resources of the patent office, on an idea that’s probably never intended to be implemented, with the possible effect of preventing someone else from innovating in a related area? And, even though the idea as proposed may be silly, what if someone else could make something similar work? Do we want a single company to have the exclusive right to attempt something like this? The patent system is supposed to promote progress, not be an anchor dragging it down.

Filed Under: barges, data centers, international waters, patents
Companies: google

Baidu Expose Suggests That It's A Lot More Involved In Music Downloads Than It Lets On

(Mis)Uses of Technology

from the not-so-much-of-an-innocent-bystander dept

More than three years ago, when Chinese search engine Baidu first filed to go public, we noted that it’s huge advantage over Google in China appeared to stem from its very popular music download search engine — and we wondered if going public would force that to go away, potentially damaging the company’s bottom line significantly. In fact, we were surprised that it appeared that the investors in the site hadn’t done much due diligence to understand what was going on. The recording industry wasted little time in suing Baidu. While Baidu won the first case on a technicality and quickly sued again.

At first, this did seem like a typical situation seen with other online search engines, such as The Pirate Bay or even Google, where it’s not really clear how Baidu could stop the searches for unauthorized music. However, a new investigative report by The Register found evidence that suggests Baidu is actually a lot more involved in the music download business than it lets on. Specifically, the search results mostly link to a mysterious network of sites that are only reachable via Baidu searches. You can’t just go to the sites directly. The sites themselves have a long (and potentially growing) list of random domain names such that the songs constantly move around, and any time Baidu receives a “takedown” it can claim it complied, while the music almost immediately shows back up on the next domain in the list. Also, Baidu almost never links to other, legitimate, download sites — preferring to point people to these sites that are unreachable outside of Baidu instead.

All in all, it certainly sounds like Baidu is a lot more involved in providing the actual downloads than it would as just a search engine.

That said, The Register’s report includes a variety of unsupported statements about how this has “destroyed” economic activity in the music business. As we’ve seen, the music business has actually adapted to the expectation that the music itself is free in China. I recognize that it’s popular for the RIAA and IFPI to make claims about how downloading is destroying the music industry, but you would think that the Register would know better.

Filed Under: china, downloads, music
Companies: baidu

Malaysia Stops Blocking Opposition Blog… But Arrests Its Founder

Politics

from the not-very-comforting dept

Over the last few years, we’ve followed the ongoing efforts of gov’t officials to figure out the whole “blogging” thing. It started off poorly with gov’t officials insulting bloggers and trying to pass a law that would have required all bloggers to register with the government. After that failed, the ruling party looked, for a bit, as if it might be trying to understand and embrace blogs. It set up an agency just to respond to blogs and even told certain of its own candidates for office that they needed to blog themselves. However, apparently it was the opposition party that embraced blogging much more — and even a few of the bigger name bloggers got themselves elected. In response? The government demanded that ISPs block certain blogs, including the very popular Malaysia Today.

The latest news is that the government has rescinded the ban… but has arrested the site’s founder. That doesn’t seem like the best way to get bloggers on their side. It never fails to amaze me why politicians seek to shut up those who oppose them. What’s wrong with actually responding and letting people understand the multiple positions? If you’re confident that your position is the correct one, then why not convince people that’s the case?

Filed Under: arrests, blogging, free speech, malaysia, opposition

Napster's Next Chapter: Merged Into Best Buy

Deals

from the yawn dept

Napster, which now has almost nothing other than its brand to connect it to the revolutionary music sharing service Shawn Fanning launched nearly a decade ago, is about to undergo its latest shift, as Best Buy has bought what remains of Napster for $127 million, representing a hefty premium on the already pretty weak valuation of the company. Ever since Roxio bought Napster — and renamed itself Napster — the company has tried to position its music subscription offering as a huge success, but there’s been little evidence to back that up. Now selling off to Best Buy for such a low price pretty much confirms that there wasn’t much there.

Filed Under: downloadable music, mergers, subscription services
Companies: best buy, napster

Why Do The Police Call In The RIAA To Investigate Potential Crimes?

Legal Issues

from the that-doesn't-seem-right dept

We’ve long known that the boundary between US law enforcement and the enforcement wings of certain lobbyist organizations like the RIAA is way too blurry, but TorrentFreak is raising some important questions about why the police will call in RIAA investigators on certain cases, such as one where a speeding stop in Illinois resulted in a cop calling in the RIAA after spindles of writeable DVDs and CDs was found in the car. While the RIAA and law enforcement have a history of working closely together (and many people go back and forth between the two), the RIAA is still a highly biased party here, and shouldn’t be involved in investigations where it has a personal stake. While some politicians are trying to turn US law enforcement into the private police of the entertainment industry, that doesn’t mean that police should just consider RIAA investigators their peers. So can anyone explain why RIAA investigators should be allowed to be involved in such cases and why no one’s called US law enforcement on things like this before?

Filed Under: bias, crimes, infringement, law enforcement, private investigations
Companies: riaa

Making Results Better For End Users Isn't Acting Like A Monopolist

Overhype

from the and-again-and-again-and-again dept

With the Justice Department getting closer and closer to going after Google for supposed antitrust violation, we’re going to see more and more articles like the one in the New York Times this weekend that tries to highlight the story of a company “harmed” by Google’s market power. In this case, it’s the story of a guy who runs a directory site that was based entirely on Google arbitrage. He bought ads on Google’s search engine to drive people to his directory page, and then littered the page with AdSense to collect revenue from people clicking through. The NY Times presents this as being somewhat harmful, but I have to side with Jeff Jarvis who doesn’t see what Google did wrong.

Google arbitrage sites are a problem for the end user. They’re based on the simple concept of forcing people to go an extra click to siphon some money away. If I’m looking for a particular site on Google I don’t first want to go to a directory — I want to go directly to the site. That’s true for many, many users — and Google’s efforts in punishing arbitrage sites isn’t anticompetitive, it’s about improving the user experience, which is something that should be praised, not sued. The only problem noticed in the scenario was that the guy chose a bad business model, where he was totally reliant on a single company for both all of his traffic and all of his revenue. He made the decision to base his entire business on a single supplier, and that supplier has every right to change the terms of its deals in an effort to make a better consumer experience. This isn’t Google being anticompetitive — it’s Google serving its customers.

Filed Under: antitrust, arbitrage, monopoly, search results
Companies: google