Category: Law

  • EFF Lock Screen Graphics – FYI and a Minor Touch-up to One

    For those who haven’t seen, the Electronic Frontier Foundation (EFF) has created several lock-screen / wallpaper images related to protecting your rights. I wanted to use the first one on my Galaxy S8 Active, but the image interferes with seeing the clock, date, and notification icons. So I moved the text of the image down […]

  • NTIA, Bug Bounty Programs, and Good Intentions

    [This was originally published on the OSVDB blog.] [Note: This blog had been sitting as a 99% completed draft since early September. I lost track of time and forgot to finish it off then. Since this is still a relevant topic, I am publishing now despite it not being quite as timely in the context […]

  • A quick, factual reminder on the value and reality of a “EULA”… (aka MADness)

    [This was originally published on the OSVDB blog.] This post is in response to the drama the last few days, where Mary Ann Davidson posted an inflammatory blog about security researchers that send Oracle vulnerabilities while violating their End-user License Agreement (EULA… that thing you click without reading for every piece of software you install). […]

  • The Scraping Problem and Ethics

    [This was originally published on the OSVDB blog.] [2014-05-09 Update: We’d like to thank both McAfee and S21sec for promptly reaching out to work with us and to inform us that they are both investigating the incident, and taking steps to ensure that future access and data use complies with our license.] Every day we […]

  • Seeing those EULAs in a different context.

Many years ago I realized that the End User License Agreements (EULAs) that we are forced to endure for websites and software were out of hand. There have been a lot of good points made in the past about them and how they are rarely read. I had written notes about an article but […]

  • Seriously RIM? Call it the HackBerry from now on…

    [This was originally posted on the OSVDB blog.] Our sponsor Risk Based Security (RBS) posted an interesting blog this morning about Research In Motion (RIM), creator of the BlackBerry device. The behavior outlined in the blog, and from the original blog by Frank Rieger is shocking to say the least. In addition to the vulnerability […]

  • The Lesser of Two Weevs

Yesterday, Andrew Auernheimer (aka Weev) was sentenced for his 2012-08-16 indictment on one count of “fraud and related activity in connection with computers” (18 U.S.C. § 1030) and one count of “conspiracy to commit offense or to defraud” (18 U.S.C. § 371). This was the result of Auernheimer’s activities in 2010, where he manipulated a […]

  • Cyberwar: Not what we were expecting

    For BruCON 4 (2012), and for THOTCON 0x04 (2013), Josh Corman and I presented on Cyberwar. While the topic has been beaten to death, our talk focused on two aspects. First, a solid debunking of the rhetoric and hype that has dominated the topic for years. Second, building up a new set of ideas that […]

  • .de Vulnerability Information Vanishing

[This was originally published on the OSVDB blog.] Due to a recent German law being passed, Phenoelit and now Stefan Esser’s Month of PHP Bugs have been removed. More information via an article by Robert Lemos.

  • Stupid E-mail Disclaimers and the Stupid Users that Use Them

[This was written with Martums and originally published on] We thought it would be a fad. Ok, we hoped it would be a fad, destined to go away as quickly as it came. Unfortunately, those worthless e-mail legal disclaimers still pollute the internet. Written by overzealous lawyers that don’t seem to realize the futility of their effort, […]