Category Archives: Security

Amazon Loses One-Click Patent Lawsuit

Interesting David v. Goliath story in the New Zealand news. I have not seen it anywhere else yet:

An Auckland man who defeated internet giant Amazon in a copyright battle, hopes his example will inspire others to challenge big corporations.

The United States Patents Office has ruled that Amazon does not have the exclusive rights to what is called one-click shopping – the technology that allows shoppers to buy goods with just a single click of a mouse.

Peter Calveley used internet archive sites to prove the one-click shopping idea was pioneered by a now defunct internet company called Digi Cash.

Calveley has said that he pursued the suit as a game, or in other words to make a point, but he financed it with donations. Suing Amazon for profit? His blog has more details:

Many thanks to everyone who helped out with the funding and promoting the blog.

Please don’t send any more money

(unless you want to contribute to my personal consumption ;-) ).

Should lawyers, or even laymen, solicit funds from the Internet to attack corporate interests? This is an interesting model I had not thought about. I wonder if it might someday alter the definition of “public defender”. Calveley reported some sources of support, but most are anonymous.

Firefox and iPhone vulnerabilities

Firefox 2.0.0.8

MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)

I would jump to 2.0.0.8 ASAP if I were you, where ASAP means no more than a month or two. I mention this because of what comes next…

In other news, Apple’s phone apparently failed to patch the ages-old libtiff vulnerability.

“I started Safari on my iPhone, browsed to a Website, and a few seconds later, HD was able to get root on my phone, without a wireless connection. Being able to run your own machine code pretty much opens the gates,” Finisterre said.

“I think it’s pretty serious — and even more so, ironic — that a year-old bug would get rolled into a semi-recent product,” added Finisterre.

It is definitely ironic. Where is the quality, Apple? Where is the quality?

In an interview with CMP Channel at Black Hat, Miller said Apple regularly uses outdated versions of open source code in the OS X platform, much of which contains known security flaws.

Outdated because of a pokey release cycle? Shame they do not develop release candidates in parallel to security fixes so the product is safe to use the day it reaches the public, or at least not prone to failure when a new product is tested for known bugs over a year old.

Disclaimer: I’m not a fan of the iPhone. While I have liked and owned Apple products that were different in meaningful ways from the competition (e.g. the original laptop keyboard pushed back to the screen with palm rests up front — genius) the iPhone strikes me as a lot of flash with not much practicality.

Stolen laptop worth lifetime of beer?

Here is an interesting new take on the value of information:

Owners were desperate to retrieve the [stolen] computer containing designs, contact details and financial information, the Rotorua Daily Post said.

They have offered free beer to anyone giving clues leading to its recovery.

Co-owner Paul Croucher said the company would provide a lifetime supply of about 12 bottles a month to anyone who could name the thief.

The company has back-up copies of the material stored on the laptop but these are not up to date, the newspaper said.

What are the chances this will work? And if it does, should security start trying to recover all laptops with beer? Makes a perfectly good excuse for storing large amounts of the beverage at the office, no?

Updated to add:

Cost of 12 beers from the company in question = $36

$36 X 12 months = $432/yr

Average lifetime of a kiwi male = 78.2

78.2 – 18 (kiwi drinking age) = 60.2

60.2 years X $432/yr = $26,006.40

The problem with this reward system, obviously, is that the type of person who might be motivated by beer as a reward is going to want more than 12 bottles a month. And the person not motivated by beer is going to want more than $432/yr. In fact, $432 is not much of a reward for a laptop and, given the questionable information security practices of the company (e.g. no current backups), is there any real guarantee that they would be around to deliver bottles for years two and three let alone in perpetuity?

Totalitarian Lawns and Johnny Appleseed

“A lawn is nature under totalitarian rule.”

Michael Pollan apparently wrote that in Second Nature. Someone I work with pointed me to another book of his that is a study of Johnny Appleseed. I found it very compelling, especially in the sense that he looked for the root cause (pun not intended) rather than settling for the pulp of commercial drivel also known as Disney. PBS did an interview with him where he summarizes:

GWEN IFILL: So as a gardener, which you admit to being, a backyard gardener of sorts in Connecticut, how did you make these connections between human impulse and the plant world?

MICHAEL POLLAN: Well, it all started with the bumblebee. I mean, the premise of the book is very, very simple. I… One day in the garden I was watching a bumblebee alongside me while I was sewing [sic] seeds and thought, “well, what do I have in common with a bee as a gardener?” and realized more than I realized. Like the bumblebee, I was disseminating the genes of one species, a potato instead of a leek, say, rather than another. And like the bumblebee, I thought these plants were here for my benefit, you know, all the plants in the garden I was growing. But in fact, I realized maybe they had induced me to help them, because, you know, the bumblebee breaks into the flower, finds the nectar, thinks he’s making off with the goods and thinks he’s getting the better of the deal with the flower. But, in fact, it’s the flower that has tricked the bumblebee into doing the work for him, to take his pollen from flower to flower to flower. And then I realized well, what if… So from the flower’s point of view, the bumblebee is this credulous gullible animal, and how would we look to our plants… from our plant’s point of view? And I realize we’re much the same; we’re more like the bumblebee than we think.

I love that analysis. We are gullible if we think that we are totally in control of how we choose the food we eat. People love to be led, and those that seem to want the least regulations also appear to be the ones easiest to lead. I think this is explored best in the book Fast Food Nation: The Dark Side of the All-American Meal. Anyway, back to the Appleseed story:

GWEN IFILL: Well, you tell… You talk about sweetness, beauty, intoxication and control. And sweetness you talk about the apple.

MICHAEL POLLAN: Yeah.

GWEN IFILL: How does Johnny Appleseed figure into this?

MICHAEL POLLAN: Well, Johnny Appleseed, in a way, he’s kind of a pagan patron saint of the book. I didn’t even know when I started this that he was a real historical figure, by John Chapman. I thought he was one of those kindergarten folk heroes, you know, like Paul Bunyan, that’s made up. It turns out Johnny Appleseed, John Chapman, was a real historical figure who played a very important role in the frontier in the Northwest territory. And I also found out that the version of Johnny Appleseed I learned in kindergarten was completely wrong, had been Disney-fied, cleaned up and made very benign. He’s a much more interesting character. The way I figured this out was I learned this one botanical fact about apples, which is, if you plant the seeds of an apple, like a red delicious or a golden delicious, the offspring will look nothing like the parent, will be a completely different variety and will be inedible. You cannot eat apples planted from seeds. They must be grafted, cloned.

GWEN IFILL: And they’re not American fruit.

MICHAEL POLLAN: They’re not, no. I learned it comes from Kazakhstan and has made its way here and changed a lot along the way. And so the fact that Johnny Appleseed was planting apples from seed, which he insisted on– he thought grafting was wicked– meant they were not edible apples, and it meant they were for hard cider because you can use any kind of apple for making cider. Really, what Johnny Appleseed was doing and the reason he was welcome in every cabin in Ohio and Indiana was he was bringing the gift of alcohol to the frontier. He was our American Dionysus.

The fundamentalists who sought prohibition threatened to destroy the story of Mr. Appleseed. Thus the story was somehow adapted to leave out the grain of alcohol. It also seems to leave out some of the more obvious motivation of “homesteading” land. He is portrayed as someone who was a friend of native inhabitants because he was not afraid to speak with them, while he actually was probably negotiating with them to let him “enhance” property (grow trees) in order to legally claim it as his own under nascent laws and profit from sale to a settler.