Recent news on source code, reverse engineering, software patent litigation

2017/09/25
Cameras in Custom ROMs: How Developers Make Hardware Work without Source Code
Without source code, how do developers get hardware components such as cameras working in custom ROMs? The answer is a BLOB, shim, and lots of debugging.
Shimming

2017/09/25
Stepping up security in chip design: Texplained
Headquartered in Valbonne, South of France, start-up Texplained is on a mission to render chip-level reverse engineering a dead-end for IC counterfeiters. Although today’s Common Criteria Certification schemes for secure chips consider…
“There is a plethora of countermeasures aimed at non-invasive attacks such as Differential Power Analysis (DPA) side channel attacks for which Rambus provide noise-reduction and obfuscation IP. But the reality, argues Ginet, is that today’s serious counterfeiters want it all, the chip’s internals together with its embedded code, and they opt for invasive attacks most of the time since they get a 100% target hit.”

2017/09/20
Unwanted ads on Breitbart lead to massive click fraud revelations, Uber claims
Uber: We paid Fetch Media for “nonexistent, nonviewable, and/or fraudulent advertising.”

2017/09/19
Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
Equifax Inc. learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

2017/09/19
WordPress to ditch React library over Facebook patent clause risk
Automattic, the company behind the popular open source web publishing software WordPress, has said it will be pulling away from using Facebook’s React..

2017/09/18
‘We’ve Been Breached’: Inside the Equifax Hack
The crisis has sent shock waves through the industry, spooked consumers and sparked investigations. A focus for inquiry is a software glitch that appears to be how the intruders got into the company’s systems.

2017/09/17
Federal Rule of Evidence 902(14) Will Especially Impact Social Media Evidence Preservation
On December 1, 2017, Federal Rule of Evidence 902(14) will go into effect, with a significant expected impact on social media evidence collection processes. To review, FRE 902(14) is a very importa…
Authentication of social media posts and print-outs

2017/09/17
Critical Bluetooth Flaws Put Over 5 Billion Devices At Risk Of Hacking
A new attack dubbed BlueBorne exposes 5.3 billion Bluetooth-enabled devices to potential hacking and a large number of them will probably never get patched.

2017/09/16
Pirate Bay Allegedly Runs A Bitcoin Miner In Background Of User Systems But It Can Be Blocked
The Pirate Bay made its name as the site to go to if you want to download pirated applications, games, music or movies. The site is infamous for skirting the jurisdiction of authorities in the U.S. and abroad while letting people download and…
Using CoinHive JavaScript

2017/09/16
Sloppy U.S. Spies Misused a Covert Network for Personal Shopping – and Other Stories from Internal NSA Documents
Campaigns to spy on internet cafes and tap Iraqi communications, as well as an intimate NSA examination of Czech spying, are detailed in NSA newsletters.

2017/09/16
NSA Broke the Encryption on File-Sharing Apps Kazaa and eDonkey
The spy agency didn’t care about copyright violations; it was trying to determine if it could find valuable intelligence.
Interesting blast from the past

2017/09/16
Equifax Officially Has No Excuse
A patch that would have prevented the devastating Equifax breach had been available for months.

2017/09/15
What We Know and Don’t Know About the Equifax Hack
The credit reporting company says hackers exploited a bug in popular software for building websites. But the identity of the attackers remains a mystery.
Layered security controls (as well as fixing Struts security bug) would have defeated intrusion; a group called “PastHole Hacking Team” has claimed responsibility, and is demanding $2.5 million in BitCoin or data will be released Friday;

2017/09/14
Security researchers find gross deficiencies on Equifax Argentina site
As we close in on a week since Equifax announced the massive hack that could potentially have exposed the financial information of 143 million consumers in..

2017/09/14
Failure to patch two-month-old bug led to massive Equifax breach
Critical Apache Struts bug was fixed in March. In May, it bit ~143 million US consumers.

2017/09/14
Equifax Breach: Why I am not surprised
The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans.  At this point in time Equifax has not shared many details about the breach except the numbers and that the information was extracted through a…
“Another possible angle for the attack is related to the fact that Equifax appears to be a Java shop. According to Wappalyzer (a Chrome and Firefox plugin), the main Equifax website runs on the Java-based Liferay CRM. Another public facing application, the one that consumers log into, also appears to be Java based. ”

2017/09/13
U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage
The Department of Homeland Security issued a directive barring use of the Russian company’s product.

2017/09/13
The Man Behind Plugin Spam: Mason Soiza
This is a follow-up to our story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites”. In this post, we explore who is behind the purchase and corruption of the Display Widgets plugin and at least two other popular….

2017/09/11
Massive Equifax cyberattack triggers class-action lawsuit
Federal court complaint charges Equifax “negligently failed to maintain adequate technological safeguards”

2017/09/09
lgtm
“Code as data”

2017/09/09
The Apache Software Foundation Issues Statement on Equifax Security Breach
Forest Hill, MD, Sept. 09, 2017 (GLOBE NEWSWIRE) — The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more…

2017/09/09
The hackers who broke into Equifax exploited a flaw in open-source server software
Correction: An earlier version of this article said the vulnerability exploited by the hackers who broke into Equifax was the one disclosed on Sep. 4..
“That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. One was announced in March, and another was announced earlier this week on Sept. 4. At the moment, it’s unclear which vulnerability the Baird report was referring to.”

2017/09/08
Equifax blames vendor software for breach – NYPost
There was a flaw in the open-source software created by the Apache Foundation, says William Blair’s Jeffrey Meuler, who has spoken with Equifax (EFX -12.9%). “My understanding is the breach was pe…”
According to NY Post, Equifax is blaming Apache Struts for the massive breach of consumer data

2017/09/05
Allegation of Open Source Non-Compliance Leads to Anti-Competitive Practice Lawsuit
Many of today’s hottest new enterprise technologies – IoT, Healthcare, AI – are centered around open-source technology. The free and open source software movement has moved well out of grassroots into mainstream – and license compliance issues…
“Panasonic Avionics is a hardware manufacturer and market leader in in-flight entertainment and communication solutions. CoKinetic Systems is a software producer in the same space and a competitor to Panasonic Avionics. The lawsuit claims that Panasonic has violated the GPL license, in addition to employing other monopolizing tactics for in-flight entertainment and communication.”

2017/09/05
Traces of Crime: How New York’s DNA Techniques Became Tainted
The city’s medical examiner has been a pioneer in analyzing complex DNA samples. But two methods were recently discontinued, raising questions about thousands of cases.
“The first expert witness allowed by a judge to examine the software source code behind one technique [FST, which calculates the likelihood that a suspect’s genetic material is present in a complicated mixture of several people’s DNA] recently concluded that its accuracy “should be seriously questioned.”

2017/09/02
Please Define What you Mean by Ordinary Meaning
“Over the past several years, the court has appeared to be increasingly divided on the question of when a district court (or PTAB judge) must offer an express construction beyond simply assigning a claim its “plain and ordinary meaning” without further definition. In NobelBiz v. Global Connect, the Federal Circuit ruled that disputed claims must be construed (despite some precedent to the contrary).”

2017/09/02
Qualcomm and Apple Further Their Dispute About Whether Certain Patents Are, In Fact, Disputed | Lexology
A series of motions in the ongoing battle between tech blue chips Qualcomm and Apple about whether the Southern District of California (or any.
… the question of exactly what actions a patent holder must undertake to create an actual case or controversy for a patent-law declaratory judgment action…. When Qualcomm ultimately did provide Apple a claim chart asserting potential infringements, none of the nine patents were in that chart. Therefore, Qualcomm argued, Apple could not point to any affirmative act by it to show its intent to enforce those nine patents…. By using those claim charts as leverage in its license negotiations, Apple alleged Qualcomm did indeed engage in “affirmative acts” that showed its willingness to enforce

2017/09/01
Ex-Nokian Tyres employees convicted in Finland’s biggest ever industrial espionage trial
Ten people have been convicted in Finland’s largest ever trial on charges of breaching commercial confidentiality. The ex-Nokian Tyres employees left the firm to establish their own research and development company, but were prosecuted under Finland’s…
“Information is not confidential if it can be obtained by studying a product, if it can be purchased, if it is generally known or if it is part of a professionally trained individual’s skillset,” read the court judgement. “The District Court has come to the conclusion that none of those conditions has been met, so the information is confidential.”

2017/09/01
Worldwide : Patents And Secrets In The Chemical Industry
A patent gives a temporary monopoly right for an invention. The trade off? That invention must be publicly disclosed, as well as at a cost to secure and maintain patent protection in each country required. Worldwide Intellectual Property Finnegan,…
“In the chemical industry, there further exists the risk of ever improving means for reverse engineering. Also, safety requirements often require near full disclosure of the composition of a product or how the product is made. ”

2017/09/01
P≠NP proof fails, Bonn boffin admits
Norbert Blum says his proposed solution doesn’t work

2017/09/01
Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms
According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China’s…
“Chinese authorities say this is to protect citizens by searching the source code of foreign companies for secret mechanisms that collect data on Chinese users and send it to foreign servers.”

2017/09/01
Are Self-Driving Cars a Hacker’s Dream? Think Again | NewsFactor Network
Self-driving cars feel like they should provide a nice juicy target for hackers. But that’s the wrong way round, security researchers say. In fact, self-driving cars may be unintentionally more secure.
“Smith explains that from a hacker’s point of view having just one sensor makes it much easier to fake a signal or event to fool the car into doing something. But self-driving cars are, by and large, smarter. Smith said: “In a self-driving world, fully self-driving, they have to use lots of different sensors.”

2017/09/01
Could someone hack your pacemaker? FDA is recalling 465,000 of them due to that risk
The FDA is recalling 465,000 of the medical devices, which help control one’s heartbeat, citing vulnerabilities that could enable someone to hack into them.
“A representative from the company that makes the pacemakers said in an email that this is not a recall, but instead just a “firmware update” that can be applied to the pacemakers in question…. In 2012, a former hacker named Barnaby Jack proved he could reverse engineer a pacemaker, forcing it to release multiple 830 volt shocks, according to Engadget. A year later, the FDA warned that pacemakers could be connected to networks vulnerable to hacking.”

2017/09/01
Hacking risk leads to recall of 500,000 pacemakers due to patient death fears
FDA overseeing crucial firmware update in US to patch security holes and prevent hijacking of pacemakers implanted in half a million people
“The FDA says that the vulnerability allows an unauthorised user to access a device using commercially available equipment and reprogram it.”

2017/08/30
SAS Institute: Will the Supreme Court End the Partial Institution of IPRs? | Lexology
On July 20, SAS Institute filed its opening brief in the Supreme Court in SAS Institute v. Matal, a case with major potential ramifications both for…
“Does 35 U.S.C. 318(a), which provides that the Patent Trial and Appeal Board in an inter partes review “shall issue a final written decision with respect to the patentability of any patent claim challenged by the petitioner,” require that Board to issue a final written decision as to every claim challenged by the petitioner, or does it allow that Board to issue a final written decision with respect to the patentability of only some of the patent claims challenged by the petitioner, as the Federal Circuit held?”

2017/08/29
Beware Conditional Limitations when Drafting Patent Claims
Patent owners should be mindful of conditional limitations implications because conditional limitations may affect claim validity and infringement.

2017/08/26
Malware analysts’ jobs might get much easier, thanks to SEMU
Malware development vs. malware analysis is a dangerous cyclical arms race – a digital form of cat and mouse where security analysts attempt to rev…

2017/08/26
Handling Improper Coaching of Witnesses During PTAB Deposition Proceedings
Many attorneys have encountered an opposing party’s witness that provides very concise, supportive responses to the questions of the witness’s own…

2017/08/26
3 Lessons from Federal Circuit Ruling on Computer Implemented Inventions
The fate of subject matter eligibility is far from certain today; however, there are a few application drafting takeaways from the Visual Memory case…
… a few application drafting takeaways from the Visual Memory case that can help in getting computer implemented inventions to allowance…

2017/08/26
In a Reversal, Federal Circuit Finds Data Processing Claims Patent-Eligible under Section 101 in Visual Memory v. NVIDIA
Last week, the Federal Circuit held computer memory system patent claims not abstract and thus patent-eligible under Section 101, reversing a lower…

2017/08/26
Save Me Some Money: Paring Down Costs in Patent Litigation
Order Re Pilot Motions for Summary Judgment, Comcast Cable Communications, LLC v. OpenTV, Inc. et. al., N.D. Cal. (August 4, 2017) (Judge William…
… instituted a novel procedure to pare down a case involving more than 100 claims from 13 patents. Judge Alsup created a procedure for “pilot summary judgment motions,” where each party was allowed to bring a single motion on the merits of a single claim. Judge Alsup outlined this pilot procedure in a case management order: [] The patent owner selects the strongest claim in its case for infringement; [] The accused infringer selects the strongest claim in its case for non-infringement or invalidity; …

2017/08/26
When It Comes to Domestic Industry’s Economic Prong, Numbers Speak Louder Than Words
Initial Determination on Violation of Section 337 and Recommended Determination on Remedy and Bond, Certain Radio Frequency Identification (“RFID”)…
… ALJ McNamara’s analysis of the economic prong of the domestic industry requirement. Her decision is notable because of the number and diversity of economic prong theories Neology advanced, and the ALJ’s focus on the presence or absence of quantitative evidence supporting those theories, further cementing the effect of the Federal Circuit’s 2015 Lelo v. ITC decision.

2017/08/26
Preventing Identity Theft – A Tale as Old as Time According to Judge Palermo When She Invalidated Patent Claims for Identity Theft Prevention Software Under § 101
Order Granting Summary Judgment in favor of Defendants, Mantissa Corp. v Ondot Systems, Inc., et al, S.D. Tex. (August 10, 2017) (Magistrate Judge…
Court found that identity theft and the solution provided by the asserted claims were “decidedly technology-independent” and that the claims “[d]id not require doing something to computer networks, they require[d] doing something with computer networks.” Consequently, Judge Palermo concluded that the asserted claims failed to recite an inventive concept under step two of the Alice analysis.

2017/08/24
Litigation Misconduct Helps Render a Patent Unenforceable | Lexology
In March 2014, Regeneron Pharmaceuticals, Inc. sued Merus B.V. for allegedly infringing U.S. Patent No. 8,502,018.
… the Court inferred the specific intent to deceive based on Regeneron’s conduct during the litigation… including failure to provide proper infringement contentions…

2017/08/23
AccuWeather for iOS Sending Location Data to Monetization Company Even When Location Sharing is Off [Updated]
Popular and well-known iOS weather app AccuWeather has been caught collecting and sharing user location data even when location sharing permissions…

2017/08/23
How to: Decompile Android APKs and enable in-development features in some apps
If you’ve followed us (or our friends at a couple of Android blogs), you’re probably aware of a little thing we do called APK Teardowns. Basically, we reverse engineer Google’s…

2017/08/21
How we used FCC database as a way to invalidate a patent? – GreyB
FCC ID database, PopSci Archives, Hitachi News page and JEITA are among few non patent literature sources that we use as ways to invalidate a patent.

2017/08/21
Shutterstock has reverse engineered Google’s watermark-removal app
Shutterstock has already found a way to protect its large trove of stock photos against Google’s watermark removal software.

2017/08/18
Apple Store Enough To Keep IP Suit In Delaware, Judge Says – Law360
Apple Inc. may not move a patent-holding company’s infringement suit from Delaware under the new TC Heartland precedent because the tech giant’s retail store in the state qualifies as an “established place of business,” a federal court ruled Wednesday.
“Apple does not dispute Prowire’s allegation it has a retail store in Delaware,” Judge Kearney wrote. “It argues one retail store is not enough to establish a ‘permanent and continuous presence.’ We disagree; Apple’s retail store is a permanent and continuous presence where it sells the alleged infringing technology to consumers on a daily basis.”

2017/08/18
Federal Circuit Confirms Innovators Must Sue Blind When Biosimilar Makers Withhold Information | Lexology
On August 10, 2017, the Federal Circuit issued its decision in Amgen v. Hospira. It dismissed Amgen’s interlocutory appeal from a discovery order on.
“… companies that do not receive needed information under the Biologics Price Competition and Innovation Act of 2009 (BPCIA) … need to sue blind or risk not obtaining discovery for unasserted patents. The Federal Circuit also confirmed that Rule 11 is satisfied in such blind lawsuits due to an applicant’s withholding of information…. Amgen had also argued that it could not assert its cell culture media patents as it would be risking later being subject to sanctions under Rule 11 for asserting baseless claims of patent infringement. The Federal Circuit rejected Amgen’s theory for two…”

2017/08/18
Hacker claims to have decrypted Apple’s Secure Enclave, destroying key piece of iOS mobile security
A hacker going by the handle xerub has just released what he claims to be a full decryption key for Apple’s Secure Enclave Processor (SEP) firmware. T…
“Decryption of firmware doesn’t equate to decryption of personal data. While SEP’s firmware may have been opened up your personal data isn’t necessarily at risk.”

2017/08/18
Visual Memory v. NVIDIA: The Importance of a Robust Written Description | Lexology
In Visual Memory v. NVIDIA (Fed. Cir. 2017), the Federal Circuit reversed the district court’s holding that Visual Memory’s U.S. Patent No. 5,953,740.
In addition, the patent includes a microfiche appendix with 263 frames of CDL listing. According to the patent, CDL is “a high level hardware description language” that “unambiguously defines the hardware for a digital logic system.” … “The CDL listing completely defines a preferred embodiment of a computer memory system … The listing may be compiled to generate a ‘C’ source code which may then be compiled … The COFF is then input to a logic synthesis program to provide a detailed logic schematic.”

2017/08/17
Reverse Engineering x86 Processor Microcode
Microcode is an abstraction layer on top of the physical components of a CPU and present in most general-purpose CPUs today. In addition to facilitating complex and vast instruction sets, it also provides an update mechanism that allows CPUs to be…
Interesting new paper by Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Christof Paar, and Thorsten Holz

2017/08/16
This startup learned the hard way that you do not piss off open-source programmers
Programmers discovered that Kite had quietly injected promotional content and data-tracking functionality into open-source apps. Not cool.
Saga of Kite, Atom, and Sublime Text

2017/08/16
Court rejects LinkedIn claim that unauthorized scraping is hacking
Judge says LinkedIn’s reading of hacking law would have troubling consequences.
“If a page is available without a password, it’s presumptively public and so downloading it shouldn’t be considered a violation of the CFAA. On the other hand, if a site is password-protected, then bypassing the password might trigger liability under federal anti-hacking laws.”

2017/08/16
This startup learned the hard way that you do not piss off open-source programmers
After Kite raised $4 million in venture capital funds in 2016, TechCrunch described it as a tool that “wants to be every developer’s pair-programming buddy.”.

2017/08/16
Spinrilla Refuses to Share Its Source Code With the RIAA
Spinrilla, a popular hip-hop mixtape site and app, is refusing to share its source code with the RIAA. The major record labels want to use the code as evidence in their ongoing piracy lawsuit against the company. Spinrilla notes, however, that handing…
Spinrilla asks rhetorically, “If we sued YouTube for hosting 210 infringing videos, would I be entitled to the source code for YouTube?” … The RIAA, on the other hand, argues that the source code will provide insight into several critical issues, including Spinrilla’s knowledge about infringing activity and its ability to terminate repeat copyright infringers.”

2017/08/14
North Korea’s Missile Success Is Linked to Ukrainian Plant, Investigators Say
Investigators are focusing on the factory as a black-market source for North Korea, a new report and classified intelligence assessments say.
Technology transfer

2017/08/14
Seeking Greater Global Power, China Looks to Robots and Microchips
The country’s effort to take a lead in the technologies of the future, often with the help of foreign companies, is the likely subject of a United States trade investigation.
China re-living early US intellectual property position (state-run media has highlighted the case of Samuel Slater)

2017/08/14
Twin Peaks killing raises questions about algorithm that helped free suspect
A computer program that assigns risk scores to San Francisco criminal defendants is itself under scrutiny after it helped free a 19-year-old man who, just days later, allegedly gunned down a 71-year-old stranger on Twin Peaks. […] in the aftermath…

2017/08/03
Cybersecurity Researcher Hailed as Hero Is Accused of Creating Malware
A British security researcher, credited with stopping the spread of malicious software in May, was arrested in connection with a separate attack.
Marcus Hutchins

2017/07/31
Hackers claim credit for alleged hack at Mandiant, publish dox on analyst
Late Sunday evening, someone posted details alleged to have come from a compromised system maintained by Adi Peretz, a Senior Threat Intelligence Analyst at Mandiant. The leaked records expose the analyst from both a personal and professional…

2017/07/31
The complete history of the IBM PC, part two: The DOS empire strikes
The real victor was Microsoft, which built an empire on the back of a shadily acquired MS-DOS.
“On the other hand, Paterson freely admits that he pulled out his CP/M reference manual and duplicated each of its API calls one by one…. beneath the surface, where he could get away with it, he substantially improved upon his model, notably in disk- and file-handling.”

2017/07/31
Cold War espionage paid off – until it backfired, East German spy records reveal
Industrial espionage is like R&D “on cocaine” for countries that depend on it…

2017/07/28
Breaking open the MtGox case, part 1
The official blog of WizSec, a group of bitcoin security specialists, and their investigation into MtGox.

2017/07/25
Attack of the 50 Foot Blockchain
Excellent book: An experimental new Internet-based form of money is created that anyone can generate at home; people build frightening firetrap computers full of video cards, putting out so much heat that one operator is hospitalised with heatstroke and brain…

2017/07/25
Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
Excellent book…

2017/07/19
Did you know? Google sees JavaScript links you don’t
Columnist Kyla Becker explains how poor visibility into JavaScript backlinks can impact webmasters’ ability to keep a clean backlink profile.

2017/07/17
The CIA’s Secret 2009 Data Breach, Revealed For The First Time
The inspector general’s 2010 report, obtained by BuzzFeed News through a Freedom of Information lawsuit, details an incident that “could have caused irreparable damage.”
In a security breach never before made public, a CIA employee disclosed highly classified government source code to a contractor who was not authorized to receive it – an incident that the agency’s internal watchdog warned “could have caused irreparable damage.”

2017/07/15
Weak Infringement Position Makes Troll-like Behavior Exceptional
In Adjustacam LLC v. Newegg, Inc., [2016-1882] (July 5, 2017) the Federal Circuit reversed the district court’s decision not to award attorneys’ fees…
Weak Infringement Position Makes Troll-like Behavior Exceptional ; Adjustacam v. Newegg

2017/07/13
Google pays academics millions for key support
Google has paid millions of dollars to academics at British and American universities for research that it hoped would sway public opinion and influence policy in favour of the tech giant….

2017/07/13
Weak Infringement Position Makes Troll-like Behavior Exceptional
In Adjustacam LLC v. Newegg, Inc., [2016-1882] (July 5, 2017) the Federal Circuit reversed the district court’s decision not to award attorneys’ fees…
“While the infringement claim may have been weak at the time of filing, after the district court’s Markman order, the lawsuit was baseless.”

2017/07/12
Was America’s Industrial Revolution Based on Trade Secret Theft? – IPWatchdog.com | Patents & Patent Law
Industrial espionage was practiced in Europe through the 18th Century. This opportunistic behavior was acceptable because of the mercantilist attitude of…
Useful retelling of the Samuel Slater story, even if the author seems too ready to rule out the idea that US trade practices in the 18th century resemble those of other countries today. See also “Trade Secrets: Intellectual Piracy and the Origins of American Industrial Power” by Doron S. Ben-Atar.

2017/07/12
Judge Rakoff Shoots Down eDiscovery Trade Secrets Case
In the booming world of e-discovery services, having a sales team with strong client relationships can mean everything. Or at least for LDiscovery, it was worth about $24 million – which is the sum in bonuses and other potential payments it…

2017/07/12
The Third Circuit Addresses the Defend Trade Secrets Act and Appears to Have Applied the Inevitable Disclosure Doctrine | Lexology
The Defend Trade Secrets Act (DTSA) states very clearly that an injunction issued pursuant thereto may not “prevent a person from entering into an.
“The Defend Trade Secrets Act (DTSA) states very clearly that an injunction issued pursuant thereto may not “prevent a person from entering into an employment relationship,” and that any conditions placed on a former employee’s employment in an injunction must be based on “evidence of threatened misappropriation and not merely on the information the person knows.” This language appears to bar injunctive relief under the DTSA based on the “inevitable disclosure doctrine,” … However …

2017/07/12
Comcast Prevails in Part on Striking OpenTV Infringement Contentions
On June 19, 2017, Northern District of California Judge William Alsup granted-in-part and denied-in-part plaintiff Comcast Cable Communications, LLC’s…
“Comcast contends that OpenTV’s infringement contentions violate Rule 3-1 by: “(1) relying too much on ‘information and belief,’ (2) charting asserted claims for only one or two accused products despite purporting to accuse more products of infringement, (3) asserting indirect infringement theories in generic terms by merely tracking the pertinent statutory language, (4) using only boilerplate language to assert infringement under the doctrine of equivalents, and (5) failing to identify specifically the patent owners’ own ‘instrumentalities and products …” Grant in part -> compel amendment.

2017/07/12
When reverse engineering is difficult, infringement of software trade secrets is confirmed | Lexology
In SI Engineering Srl v Lantek Systems Srl the first instance of the Court of Turin confirmed that, when software – namely a proprietary format for.
Case from Turin, Italy: “the court’s opinion was grounded on the report of the technical expert appointed by the first-instance Court of Turin, which found that reverse engineering was made extremely difficult because of variable-length codes obtained through random and redundant code elements, and that these latter features were in fact reasonable measures for protecting SI Engineering secret information in the field of computing devices.”

2017/07/11
Cybersecurity expert fights for realism
Robert M. Lee thinks we should start taking infrastructure cybersecurity seriously.
“Marketing the apocalypse to the detriment of the actual threat. ”

2017/07/11
Google Patches Critical ‘Broadpwn’ Bug in July Security Update
The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed ‘Broadpwn’ that impacts both Android and iOS devices.

2017/07/11
New Attack Recovers Satellite Phone Crypto Key in Fraction of a Second
A team of researchers from China has developed a new attack on one of the ciphers used to secure the communications of satellite phones that enables them to recover a 64-bit key in a fraction of a …

2017/07/11
Icewind Dale 2 can’t be ‘Enhanced’ because the source code is lost
Beamdog boss Trent Oster said the studio has moved on to other things.
Yes, software vendors really do lose source code

2017/07/10
How to perform cloud-based application analysis
Application analysis is an important step for organizations to take before using cloud-based applications. Here are some ways to do that.
Overview of using static analysis (strings, API call names, signatures) and dynamic analysis (registry, network, memory; debuggers, sandboxes, dynamic binary instrumentation e.g. Frida, Valgrind, Strace)

2017/07/07
NotPetya hackers obtained source code of accounting software to wreck Ukrainian businesses
The software maker may face criminal charges for ignoring warnings from security experts about an impending cyber-attack.

2017/07/07
Petya victims given hope by researchers – BBC News
A team claims to have found a way of decrypting some files damaged in the recent cyber-attack.
Dmitry Sklyarov

2017/07/07
Limn 8: a social science journal issue devoted to hacking
“The issue’s provocative table of contents includes Matt Jones on “The Spy Who Pwned Me” (“How did we get to state-sponsored hacking?”); Renée Ridgway on “Who’s hacking whom?” (“What can you do with a Tor exploit?”); an interview with Boing Boing favorite Lorenzo Franceschi-Bicchierai “about the details of the DNC hacks, making sense of leaks, and being a journalist working on hackers today” and another interview with veteran security journalist Kim Zetter “about infrastructure hacking, the DNC hacks, the work of reporting on hackers…”

2017/07/07
Interoperability and the Copyright Office’s Section 1201 Report – Disruptive Competition Project
In its recent report on Section 1201 of Title 17, the Copyright Office amended – in a positive way – its prior interpretation of the interoperability exception in section 1201(f). The Office corrected its assertion in recent section 1201 rulemakings…
… Section 1201 prohibits the circumvention of technological protection measures (TPMs) that restrict access to copyrighted works. It also prohibits the development and distribution of the tools necessary to achieve this circumvention. Section 1201 contains a variety of exceptions, including section 1201(f), which is entitled “Reverse Engineering.” …The Office acknowledged that it would allow consumers to jailbreak their smartphones, without requiring an exemption…. Thus parties that previously sought exemptions will not have to in the rulemaking cycle the Copyright Office just announced.

2017/07/07
Gnireenigne
Reverse engineering (now does the title make sense?) is a common and legitimate business practice. The federal Defend Trade Secrets Act even…

2017/07/05
Bitcoin Ethical Hacking Leads to Solving FBI Murder Case
Bitcoin ethical hacking shed some light on FBI murder case of Mrs. Amy Allwine which resulted in arrest of the real suspect.

2017/07/05
Private Sector Cyber Intelligence Could Be Key to Workable Cyber Arms Control Treaties
The Obama-Xi cybersecurity agreement shows that the private sector can both demonstrate and encourage state compliance with such agreements.
“observers also missed the critical role that the private sector would play in providing the parties with evidence of their good-faith progress toward implementation….”

2017/07/05
This Open Source Online Raspberry Pi Simulator By Microsoft Works Right Inside Your Browser
With the help of Microsoft’s open source Raspberry Pi Simulator, you can do the same right inside your web browser. You can also connect it to the Azure IoT Hub and collect sensor data.

2017/07/05
On the Inspection of Anti-Virus Source Code to Demonstrate the Lack of Offensive Cyber Capabilities
Inspecting anti-virus source code is probably not enough to make Kaspersky products a safe tool for Congress.
“the source code of such products (i.e., the program) is different than the malware databases off of which these products operate… What if the malware database does not contain the signature of malware X, which happens to originate from Russian intelligence? The product will not detect it, and malware X will penetrate to the user’s machine … Why did the database not contain X’s signature? This is the critical question – and it’s impossible to answer.”

2017/07/04
SAP, HP Want Software Co. Sanctioned for ‘Fishing Expedition’ – Law360
SAP America and HP urged a California federal judge on Friday to sanction a Silicon Valley software company and its attorneys for filing a new infringement suit in sprawling litigation over an e-commerce patent, saying “one attempted fishing…

2017/07/04
The E-Discovery Digest – June 2017
The seventh edition of The E-Discovery Digest focuses on recent decisions addressing the scope and application of the attorney-client privilege and…
including:
Party Compelled to Write Computer Program to Identify Relevant Data … Meredith v. United Collection Bureau, Inc., No. 1:16 CV 1102, 2017 U.S. Dist. LEXIS 56783 (N.D. Ohio Apr. 13, 2017) …

2017/07/03
Russian Cybersecurity CEO Offers Source Code for U.S. Inspection
Kaspersky offers transparency as Russian hacking tensions mount.

2017/07/01
Practice Tips for the Trade Secret Holder: Navigating Discovery Under the Defend Trade Secrets Act
Explore how courts have treated the trade secret holder’s disclosure obligations in cases brought under the DTSA, including whether, when, and how the “reasonable particularity” standard has been applied. Take a look at some practice tips for…
… court found that although the plaintiff had described certain of its purported trade secret product designs with “enough specificity,” the plaintiff’s claims would not survive summary judgment because the plaintiff failed to rebut the defendants’ contention that the product designs were readily ascertainable by reverse engineering. …

2017/06/29
Practice Tips for the Trade Secret Holder: Preparing a Complaint under the Defend Trade Secrets Act
Strategic tools and news that general counsel need to better manage their legal departments and fully understand the business risks companies face today.
… alleging the existence of a trade secret under the DTSA requires setting forth information regarding secrecy measures, economic value, and lack of general knowledge/ascertainability. By way of example, one court granted a motion to dismiss, finding the complaint “entirely devoid of any allegations of how [Plaintiff] protected the information in question from dissemination.” … DTSA requires that trade secrets relate to a product or service used or intended for use in interstate or foreign commerce, and failing to allege that this requirement is met has also provided grounds for dismissal.

2017/06/29
Judge Orders Magic Leap to Be More Precise In Describing the Trade Secrets Former Executive Allegedly Stole
A recent decision from the Northern District of California, Magic Leap, Inc. v. Bradski et al., shows that employers must meet a high standard when filing a California Code of Civil Procedure Section
… Under the California Uniform Trade Secrets Act (“CUTSA”), the disclosure statement, which does not have a counterpart in the federal Defend Trade Secrets Act, requires a plaintiff to “identify the trade secret with reasonable particularity” …. to separate it from matters of general knowledge in the trade or of special knowledge of those persons who are skilled in the trade,…

2017/06/29
Patent Owner Statements in IPR May Result in Prosecution Disclaimer | Lexology
Addressing for the first time the issue of whether statements made during America Invents Act post-grant proceedings can trigger a prosecution.
… CAFC upheld the district court’s ruling that arguments made by a patent owner during an inter partes review (IPR) proceeding can be relied on to support a finding of prosecution disclaimer during claim construction….

2017/06/29
Oversight of use of open source code crucial as GDPR approaches, says industry expert
Mike Pittenger, vice president of security strategy at Black Duck Software, told Out-Law.com that many businesses either remain unaware that they are running popular open source components within their software at all or that security…

2017/06/27
Clive Turvey’s dumppe and dumppdb utilities for Windows PE and debug symbol files
Clive Turvey has written some excellent tools for extracting information from Windows PE executable (exe, dll, sys, etc.) files, and from Windows PDB debug symbol files. Clive has given me permission to…

2017/06/27
Risky IT Programs – The Use of Algorithms and Risk of Collusion under Antitrust Laws | Lexology
On 14 June 2017, the OECD published a Note from the EU on Algorithms and Collusion (DAF/COMP/(2017)12 – here) (the EU Note). An updated background.
… companies are using algorithms to adapt their prices to quickly changing market conditions – almost in real time. The use of algorithms makes the traditional information sharing/price fixing cartelist look outdated. However, the key question is whether and under what conditions the competition authorities might view the use of algorithms as a competition law offence. The good news is that they generally won’t. The bad news is that any technical improvement of your self-learning algorithms can make you cross the Rubicon and expose you to great liability….

 


Recent news re: source code, software reverse engineering, patent litigation, etc.

2017/06/24 06:03:51
Brutal Kangaroo USB malware could be reverse engineered
Reverse engineering is a potential threat of the Brutal Kangaroo USB malware, which had details — but no code — leaked by WikiLeaks.

2017/06/24 04:28:49
Symantec won’t allow Russia to examine its source code over security fears
Symantec is worried that giving Russia access to its source code could result in security breaches.
“IBM, Cisco, Hewlett Packard Enterprise and McAfee have given Russia access to their respective source codes.”

2017/06/24 04:27:03
Microsoft confirms some Windows 10 source code has leaked
A portion of Microsoft’s Windows 10 source code has leaked online this week. Files related to Microsoft’s USB, storage, and Wi-Fi drivers in Windows 10 were posted to Beta Archive this week. Beta…
“The leak will be embarrassing for Microsoft, but the source code itself is already shared with partners, enterprises, governments, and other customers who choose to license it through the Shared Source initiative.”

2017/06/19 05:28:05
Defense Strategies In Billion-Dollar Software Copyright Cases – Law360
The limited availability of patent protection post-Alice has led to a resurgence in using copyright law to protect software programs. Two recent high-profile software copyright infringement cases illustrate how much is at stake and highlight the use…
“The scènes à faire doctrine depends on the circumstances presented to the creator at the time of creation, not the circumstances presented to the copier at the time it copied.” ; Arista analogized its use of CLI labels to remote controls for a TV set to explain its scènes à faire defense

2017/06/19 05:20:29
EU seeks to outlaw ‘backdoors’ in new data privacy proposals
Draft report from European parliament clashes with UK government calls to allow access to encrypted communications from WhatsApp and others
… look to deal with so-called over-the-top (OTT) services. The services replicate the functionality of traditional communications systems, such as landline telephones, but aren’t regulated in the same way and so are not affording similar protections. For example, the UK government has repeatedly called for ways to gain access to encrypted communications such as the end-to-end encryption (E2EE) used by Signal and WhatsApp, which prevents the interception of private messages….

2017/06/11 07:00:01
Windows Resource Dumper (resdump) from Clive Turvey
Clive Turvey has re-released the resource dumper for Windows that he and I first worked on back in the early 1990s. Yes, a utility first written in 1992 still works to display the internal representation of menus, dialogs, and other resources in Windows executable files: RESDUMP v8.02c – Windows Resource Dumper – FREEWARE Edition Copyright (c) 1992-2017 Andrew Schulman undoc@sonic.net Copyright.

2017/06/06 02:35:12
Integrated Circuit Reverse Engineering, 1970s Style
We are used to stories about reverse engineering integrated circuits, in these pages. Some fascinating exposés of classic chips have been produced by people such as the ever-hard-working [Ken Shirrif…

2017/06/05 07:47:24
Copying source code: reproducing even a small portion of source code can constitute copyright infringement | Lexology
In the case of IPC Global Pty Ltd v Pavetest Pty Ltd (No 3) [2017] FCA 82, the Federal Court was given the difficult task of determining what was a.
Australian case

2017/06/01 05:34:39
Reverse Engineering: A Basic How-To
How will this image be used? Do I anticipate any changes? What are your tolerance requirements? All these questions are paramount in determining the successful path of the data output and each are mutually exclusive of one another.
Article on reverse engineering physical objects with 3D scanning, including x-rays (CT); determining the reason for the reverse engineering is presented as a first phase in the process, before data acquisition.

2017/05/31 07:06:55
As Computer Coding Classes Swell, So Does Cheating
Growing numbers of computer science students are getting caught plagiarizing code, either from classmates or from someplace on the web.
As Computer Coding Classes Swell, So Does Cheating https://nyti.ms/2rh25gg; … Usually, anti-cheating software can uncover these tricks. One, developed by Dr. Aiken, is called MOSS, for Measure of Software Similarity….

2017/05/31 05:44:33
What We Know So Far About Direct Infringement Post-Form 18 – Law360
Following the abrogation of Form 18 in December 2015, what does it mean to state a claim of direct patent infringement? Eric Kaviar of Burns & Levinson LLP recently reviewed all of the substantive district court opinions grappling with this question….

2017/05/31 03:24:15
Changes to Expert Discovery May Place Communications With…
Communications between non-reporting experts and attorneys are at risk of being subjected to discovery. Under United States v. Kovel and its progeny…
… Non-reporting, testifying experts are typically those that were “not specially retained to provide expert testimony, but rather would testify on the basis of percipient knowledge.” … In Luminara Worldwide, LLC v. RAZ Imps., non-reporting witness was a named inventor on the asserted patents.

2017/05/31 01:07:22
Supreme Court Rules Patent Laws Can’t Be Used to Prevent Reselling
The justices said that Lexmark International, which makes toner cartridges for its printers, could not stop another company from refilling and selling them.
… Roberts writing for unanimous court, said Lexmark could not use the patent laws to enforce the contractual conditions it placed on the sale of its cartridges….

2017/05/29 07:51:00
Opinions Of Counsel Post-Halo: Lessons From 16 Cases – Law360
Following the U.S. Supreme Court’s Halo decision 11 months ago, the case results show that investigating the patent and forming a good faith belief of invalidity or noninfringement is a key factor – perhaps the key factor – courts rely on in deciding…

2017/05/29 05:00:31
What We Know So Far About Direct Infringement Post-Form 18 – Law360
Following the abrogation of Form 18 in December 2015, what does it mean to state a claim of direct patent infringement? Eric Kaviar of Burns & Levinson LLP recently reviewed all of the substantive district court opinions grappling with this question….
… one judge has commented that, following the abrogation of Form 18, it may make sense to amend local patent rules such that initial infringement contentions are due at the time the complaint is filed. Straight Path IP v. Apple (N.D. Cal.). However, several opinions from the Eastern District of Texas suggest that a plaintiff before that court must simply address the “central claim limitations” in the complaint. E.g., Semcon IP v. Huawei

2017/05/27 06:09:19
Kaspersky Lab Offers Source Code to U.S. Government
Speaking in Australia today, founder and CEO Eugene Kaspersky made the latest overture in his effort to clear his company of claims that its alleged ties to the Russian government pose a national security threat for users of its cybersecurity…

2017/05/24 05:55:56
Researchers Find Computer Code That Volkswagen Used to Cheat Emissions Tests
An international team of researchers has uncovered the mechanism that allowed Volkswagen to circumvent U.S. and European emission tests over at least six years before the Environmental Protection Agency put the company on notice in 2015 for…

2017/05/23 03:20:17
Clive Turvey’s dumppe and dumppdb utilities for Windows PE and debug symbol files
Clive Turvey has written some excellent tools for extracting information from Windows PE executable (exe, dll, sys, etc.) files, and from Windows PDB debug symbol files. Clive has given me permission to host these. Download a zip file containing dumppe, dumppdb, and dumplx: turvey_dump_utils_pe_pdb.zip I will be using these tools in a forthcoming six-hour video from Packt on Software Reverse.

2017/05/22 06:20:56
Supreme Court Ruling Could End Texas Patent Troll Problem
The Supreme Court delivered a major blow to patent trolls by making it harder for them to bring lawsuits in friendly venues like East Texas.
… In its ruling, the Supreme Court stated it was upholding one of its earlier patent decisions from 1957 known as Fourco. In that decision, the top court had found the specific rules of the Patent Act, which require a plaintiff to sue companies where they are incorporated, applied despite rules to the contrary in the general venue law….

2017/05/22 06:15:54
East Texas could see nation’s patent cases go elsewhere with Supreme Court ruling | Technology | Dallas News
Dallas News: your source for breaking news and analysis for Dallas-Fort Worth, Texas and around the world. Read it here, first.

2017/05/19 06:13:04
Patent Owner Comments During an IPR Can Lead to Prosecution Disclaimer – Even for Non-Instituted Claims
The doctrine of prosecution disclaimer prevents patent owners from recapturing specific meanings of claim terms that were disclaimed during…

2017/05/19 03:10:38
Huawei spied, Federal jury finds
Tappy the robot is a Happy robot
Huawei spied, Federal jury finds. Huawei argued that T-Mobile’s own IPR on Tappy (eg, “Touch Screen Testing Platform patent application”, US 2012/0146956) blew up its own trade secret defence: they weren’t secrets any more.

2017/05/18 05:57:34
WannaCry ransomware shares code with North Korea-linked malware – researchers
The source for WannaCry ransomware, which has spread to 150 countries, may be Pyongyang or those trying to frame it, security analysts say, pointing to code similarities between the virus and a malware attributed to alleged hackers from North Korea.
Though RT cautions that “attribution” is a tricky business

2017/05/14 09:38:39
03/10/2017: Important announcement:
“As some of you know, The WikiLeaks dump of “Vault7” contained, among other things, a 2015 copy of my “Android Internals” book, since Technologeeks provided training for them. Though by now a bit outdated, it’s still a high quality, color PDF updated…”
http://newandroidbook.com/

2017/05/14 05:42:50
Reverse Engineering Apple Location Services Protocol
“While working on Whereami I got interested on how Apple location services actually work. I know it is handled by locationd since Little Snitch keeps blocking it. Usual way of inspecting traffic with proxychains did not work since macOS now has something called System Integrity Protection (SIP). Alternative way was to setup Charles as MITM proxy for an iOS device. After looking at the traffic which was mostly the device phoning home I got what I needed – a location services request.”

2017/05/14 05:36:54
How an Accidental ‘Kill Switch’ Slowed Friday’s Massive Ransomware Attack
The ransomware that swept the internet isn’t dead yet. But one researcher managed to at least slow it down.
As he worked to reverse-engineer samples of WannaCry on Friday, MalwareTech discovered that the ransomware’s programmers had built it to check whether a certain gibberish URL led to a live web page. Curious why the ransomware would look for that domain, MalwareTech registered it himself. As it turns out, that $10.69 investment was enough to shut the whole thing down – for now, at least.

2017/05/14 12:36:44
OSS-Fuzz: Five months later, and rewarding projects
Five months ago, we announced OSS-Fuzz, Google’s effort to help make open source software more secure and stable. Since then, our robot ar…

2017/05/01 08:19:00
Sent to Prison by a Software Program’s Secret Algorithms
Using artificial intelligence in judicial decisions sounds like science fiction, but it’s already happened in Wisconsin.
… the case of a Wisconsin man, Eric L. Loomis, who was sentenced to six years in prison based in part on a private company’s proprietary software. Mr. Loomis says his right to due process was violated by a judge’s consideration of a report generated by the software’s secret algorithm, one Mr. Loomis was unable to inspect or challenge….

2017/04/25 09:10:24
3D X-ray Tech for Easy Reverse Engineering of ICs
Researchers map an Intel processor down to its transistors

2017/04/25 04:32:16
http://swipreport.com/softwares-capability-to-infringe-is-not-patent-infringement/
“A claim for direct patent infringement could not be sustained where Microsoft software, even under the plaintiff’s theory of infringement, would have required additional user configuration before all claim elements were met. Parallel Networks Licensing LLC v. Microsoft Corp….”

2017/04/21 05:38:13
DraftKings and Bwin in Nevada source code battle
DraftKings, Bwin and 888 Holdings are leading a group of gaming companies that have asked a Nevada court to block a bid by two gambling technology firms to force them to produce their source code in Las Vegas as part of a patent suit.

2017/04/20 08:43:07
Top 8 Reverse Engineering Tools for Cyber Security Professionals
Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back toget
A useful list, though a list of “top 8” reverse engineering tools might have instead included dumpbin, IDA Pro, Fiddler, Wireshark, etc.

2017/04/20 04:47:42
Judge Sleet Grants Defendant’s Motion to Dismiss Induced Infringement Claims But Denies Motion as to Direct Infringement Claims
By Memorandum Opinion entered by The Honorable Gregory M. Sleet in IP Communication Solutions, LLC v. Viber Media (USA) Inc., Civil Action No….
“Plaintiffs in infringement action need to be mindful to plead enough specific facts in their claims to meet the requirements of Twombly/Iqbal.” ; specific intent to induce infringement: “…the complaint failed to allege facts supporting how Defendant specifically instructed or directed customers to use Defendant’s application and corresponding server system in a manner that would infringe the patent-in-suit….”

2017/04/20 12:47:30
Report: Commercial Software Riddled With Open Source Code Flaws
Black Duck Software has released its 2017 Open Source Security and Risk Analysis, detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges. Black Duck conducted audits of more than 1,071…
“The report’s title, “2017 Open Source Security and Risk Analysis,” may be a bit misleading. It is not an isolated look at open source software. Rather, it is an integrated assessment of open source code that coexists with proprietary code in software applications….”

2017/04/13 06:35:37
X-rays Map the 3D Interior of Integrated Circuits
With X-ray ptychography, researchers take the first step toward being able to easily map a chip for reverse engineering
“all it takes is a few more years of this kind of work, and you’ll pop in your chip and out comes the schematic,” says Anthony Levi of the University of Southern California. “Total transparency in chip manufacturing is on the horizon”

2017/04/13 06:32:36
Dodd-Frank Redo Would Limit SEC Access to Source Code
The SEC couldn’t gain nearly unrestricted access to trading systems’ computer software under a new Republican proposal to overhaul the Dodd-Frank Act.

2017/04/09 04:02:13
Windows 10 telemetry data collection details revealed
Privacy concerns result in Microsoft detailing Windows 10 telemetry practices, revealing Windows 10 data collection options.

2017/04/07 07:44:41
Uber said to use “sophisticated” software to defraud drivers, passengers
Class action says Uber’s “methodical scheme” manipulates rider fares, driver pay.
“When a rider uses Uber’s app to hail a ride, the fare the app immediately shows to the passenger is based on a slower and longer route compared to the one displayed to the driver. The software displays a quicker, shorter route for the driver. But the rider pays the higher fee, and the driver’s commission is paid from the cheaper, faster route, according to the lawsuit”

2017/04/06 04:02:03
Uber finds one allegedly stolen Waymo file – on an employee’s personal device
Uber admitted today that it had found one of the documents Waymo alleges was stolen by a former employee — who left its self-driving car effort to join..

2017/04/06 04:00:00
CAFC: Prior Judicial Opinions Do Not Bind the PTAB
Novartis v. Noven Pharma (Fed. Cir. 2017) This short opinion by Judge Wallach affirms the PTAB findings that the claims .
Novartis v. Noven: “The idea here is that in litigation, invalidity must be proven with clear and convincing evidence while inter partes review requires only a preponderance of the evidence. As explained by the Supreme Court on Cuozzo, this may lead to different outcomes”

2017/04/06 03:55:50
PwC/BAE report on APT10 targeting of managed IT service providers

2017/04/06 03:48:41
Lazarus Under The Hood
Today we’d like to share some of our findings, and add something new to what’s currently common knowledge about Lazarus Group activities, and their connection
Kaspersky analysis of Lazarus Group advanced persistent threat

2017/04/05 06:54:50
Reverse Engineering Is Not Just for Hackers
We spend a lot of time putting apps together, but when was the last time you pulled one apart? If we can streamline the process of looking inside a compiled application then we’re more likely to employ it to answer questions and teach us valuable…
Inspecting Android apps

2017/04/04 07:39:01
Amazon.com wins $1.5 billion tax dispute over IRS
Amazon.com Inc on Thursday won a more than $1.5 billion tax dispute with the Internal Revenue Service over transactions involving a Luxembourg unit more than a decade ago.
Transfer pricing of software

2017/04/04 03:35:34
Modified Opinion: Federal Circuit Won’t Enjoin Non-Party
Asetek Danmark v. CMI USA (“Cooler Master”) (Fed. Cir. 2017) The Federal Circuit has updated its original decision in Asetek, with .
“Federal Circuit substantially affirmed but remanded on the injunction since it applied to a non-party and went beyond that non-party’s ‘abetting a new violation’ by the adjudged infringer… companies and owners divide-up the structure of their firms without substantially dividing management and control – and then use that division to partially avoid legal liability”

2017/04/03 04:05:40
Cloud Computing: Software patent claims and the risks to service availability
Cloud software patent claims will likely increase as more users migrate to the cloud.
… anecdotal evidence to suggest that claimants may prefer to claim against a CSP’s customers rather than the CSP itself….

2017/03/31 09:40:22
Beijing Intellectual Property Court Grants First Injunction in a SEP infringement suit | Lexology
Beijing Intellectual Property Court (BIPC) today (March 22, 2017) issued its judgment in the high-profile case IWNComm v. Sony, finding that Sony has.
“The patent in dispute is a core patent of the WAPI technology, and is essential to a national compulsory standard. In the negotiations, the plaintiff explained the patented technology relevant to WAPI and provided a list of its patent and a draft license agreement. Based on this, the defendant should be able to determine if the WAPI software within its mobile phone in dispute is covered by the claims of the patent in dispute, without the need for the plaintiff to provide a claim comparison chart. Thus, the defendant’s request for the plaintiff to provide the claim chart was unreasonable….”

2017/03/31 09:37:27
Federal Circuit Continues To Narrow Scope Of CBM Qualification – Intellectual Property – United States
The Federal Circuit reversed the PTAB’s determination that a challenged patent – relating “generally to computer security, and more particularly, to systems and methods for authenticating a web page” – qualified for CBM review.
The Federal Circuit reversed and held that a patent only qualifies for CBM if it claims a “method or corresponding apparatus . . . used in the practice [ ] of a financial product or service” and that it was error for the PTAB (1) to expand the statutory language “financial product or service” to cover methods and apparatuses merely incidental to a financial activity, and (2) to consider Secure Axcess’s choice of litigation targets – all financial institutions – as a factor relevant to the challenged patent’s qualification for CBM review.

2017/03/31 09:34:19
Mobile Payment Patent Remains Legal Tender after Alice Challenge
In the post-Alice world, patents that relate in any material way to financial processes or systems have come under increased attacks in the early stages of infringement litigation—as defendants
Because LevelUp’s claims are directed to a specific method for distinguishing between data streams that improves the operation of the POS terminal, Judge McConnell found that the claims were not directed to an abstract idea…. [in Alice step 2, court] rejected Relevant’s contention that the sentinels in the patented technology were akin to the use of Morse code, explaining that the existence of a pre-Internet analog does not automatically render a patent ineligible.

2017/03/31 09:31:15
Factual Findings Required to Show “Apparent Reason to Combine” | Lexology
Addressing issues of obviousness and anticipation in the context of an inter partes review, the US Court of Appeals for the Federal Circuit issued.
The Court also noted that the PTAB failed to consider the possibility that, even if the combination of prior art references taught long-term treatment with a PDE inhibitor of individuals with some forms of erectile dysfunction, a person of skill in the art may not have been motivated to combine those same references to treat individuals with fibrosis-related erectile dysfunction, for whom, LAB argued, the results would have been expected to be detrimental.

2017/03/31 09:28:48
Reading the Tea Leaves from the TC Heartland LLC v. Kraft Food Group Brands LLC Oral Argument | Lexology
On Monday, the Supreme Court heard oral argument in TC Heartland LLC v. Kraft Food Group Brands LLC, a case in which the Court could alter the.
To begin, despite the looming policy ramifications of this case, questions from the justices signaled that the Court viewed this case first and foremost as an issue of statutory construction. Justice Breyer most colorfully illustrated this through an early exchange with Heartland: “[The Amici briefs] [a]re filled with this thing about a Texas district which they think has too many cases. . . . But is there some relevance to it?”

2017/03/31 09:20:28
WikiLeaks releases Marble source code, used by the CIA to hide the source of malware it deployed
Today, WikiLeaks publishes the third installment of its Vault 7 CIA leaks. We’ve already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone…

2017/03/30 09:28:35
Samizdat no more: Old Unix source code opened for study
Nokia Bell Labs, Alcatel-Lucent pack away the sueball gun

2017/03/30 02:35:43
Cisco learned from Wikileaks that the CIA had hacked its systems
The Wikileaks documents describe how the CIA learned how to exploit flaws in Cisco’s widely used Internet switches.
Departing NSA Deputy Director Rick Ledgett confirmed in an interview that 90 percent of government cyber spending was on offensive efforts and agreed it was lopsided.

2017/03/27 04:28:57
After London Attack, U.K. Wants Access to Encrypted WhatsApp Messages
British lawmakers will meet with American tech representatives as part of a wider push to get Silicon Valley to do more to tackle potential threats.

2017/03/21 03:27:27
ITC: Licensee Investments May Satisfy Domestic Industry Requirement – IPWatchdog.com | Patents & Patent Law
Judge McNamara explained domestic industry is not limited to the activities of the patentee and may be satisfied based on a licensee’s activities alone.
SciGen / Soitec: First, the order considers whether a complainant may use a licensee’s activities to satisfy the domestic industry requirement; Second, the order considers whether a licensee must participate in a complaint when the patentee relies on that licensee’s activities to establish a domestic industry; Third, the order considers whether a change to a licensee’s status is material to a ruling on domestic industry.

2017/03/21 03:23:58
ITC Domestic Industry Ruling A Warning For NPE Licensees – Law360
A recent U.S. International Trade Commission decision allowing a patent owner to rely on its licensee’s activities to satisfy the trade body’s domestic industry requirement illustrates a way for nonpracticing entities to get in the ITC’s door that…

2017/03/20 09:59:48
Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files
The flaw was found by Cisco security researchers, despite WikiLeaks’ claiming that the CIA hacking unit disclosures did not contain working vulnerabilities.

2017/03/20 05:47:17
Hacking Tools Get Peer Reviewed, Too
A government-led effort paves the way for data extracted from electronic devices to be accepted as evidence in court.
https://lnkd.in/g_bF2Ty (NIST software quality group)

2017/03/18 06:25:02
The Truth of Patent Data Quality | @BigDataExpo #BigData #Analytics #MachineLearning
The United States Patent and Trademark Office (USPTO) recently announced an expansion of PatentsView, its visualization tool for US patents. First launched a few years ago, the intent behind the tool was to make 40 years of patent filing data…

2017/03/18 06:24:11
Google’s new encoder makes JPEGs up to 35 percent smaller
Speed is everything on the internet, and as a general rule of thumb: the smaller the file, the faster it’ll load. To help with that, Google created a new open-source JPEG encoder that will…

2017/03/18 06:20:13
How Technology Timeline Can Help Find Hidden Prior Art – GreyB
With the passage of time, technological terms have evolved drastically. Earlier phones were called radio telephones, later as mobile stations and now we use a term user equipment. Did you also ponder on how such advancement in the timeline of a…

2017/03/18 06:12:33
Teaching Away Requires Discouragement or Implying the Combination Would Not Work – IPWatchdog.com | Patents & Patent Law
To reverse a finding of obviousness based on overlooking a “teach away,” the evidence must show that the references discouraged the combination or implied that the resulting combination would not work as described in the patent.

 

Posted in Uncategorized | Comments closed

Windows Resource Dumper (resdump) from Clive Turvey

Clive Turvey has re-released the resource dumper for Windows that he and I first worked on back in the early 1990s. Yes, a utility first written in 1992 still works to display the internal representation of menus, dialogs, and other resources in Windows executable files:

RESDUMP v8.02c - Windows Resource Dumper - FREEWARE Edition
 Copyright (c) 1992-2017 Andrew Schulman undoc@sonic.net
 Copyright (c) 1995-2017 Clive Turvey cturvey@gmail.com
 All rights reserved. Non-Commercial use only

RESDUMP displays information about resources in a Windows .RES
 file or executable (EXE, DLL, DRV, etc.). Detailed information
 is provided for dialog boxes, controls, menus, string tables,
 accelerator tables, and version resources.

To display resources in a Windows .RES or executable:
 RESDUMP [options] res_or_exe_file
 example: resdump \windows\winfile.exe

To display resources only of a given type:
 RESDUMP -TYPE [type] res_or_exe_file
 example: resdump -type menu \windows\winfile.exe
 resdump -type menu -type dialog -hex \foo\bar.exe
 types: CURSOR BITMAP ICON MENU DIALOG STRINGTAB FONTDIR FONT
 ACCEL RCDATA ERRORTAB CURSDIR ICONDIR NAMETAB VERSION
To also display (x,y) locations for dialog items: -VERBOSE
To also dump bytes (hex) for each resource: -HEX
For Windows 1.0 programs: -WIN10
To disable ANSI to OEM conversion (Japan): -DBCS
To dump any readable text for unknown resource types: -STRINGS
Also works with Win32 (NT) portable executable (PE) files

Resources may be in MUI (multilingual user interface) files rather than in EXE or DLL files; resdump also works on MUI files.

For example, a small dialog from \windows\system32\en-US\ieframe.dll.mui:

DIALOG #00000154h
 Language 1033 (US English)
 Style: SETFONT MODALFRAME CENTER
 Menu: ""
 Class: ""
 Caption: "New Folder"
 Font: "MS Shell Dlg" (8 Pt.)
 4294967295 (FFFFFFFFh) STATIC 50020000 "Folder &Name:"
 337 (00000151h) EDIT 50810080 ""
 4294967295 (FFFFFFFFh) STATIC 50020000 "C&reate in:"
 338 (00000152h) "ComboBoxEx32" 50210003 ""
 1 (00000001h) BUTTON 50010001 "Cre&ate"
 2 (00000002h) BUTTON 50010000 "Cancel"

Similarly, a popup menu from \windows\system32\en-US\ieframe.dll.mui:

MENU #00000108h
 Language 1033 (US English)
 POPUP ""
 41511 (0000A227h) "&Menu bar"
 41478 (0000A206h) "&Favorites bar"
 41481 (0000A209h) "&Command bar"
 41474 (0000A202h) "&Status bar"
 41480 (0000A208h) "" SEPARATOR
 42448 (0000A5D0h) "Disab&le toolbars and extensions when InPrivate Browsing starts"
 41484 (0000A20Ch) "&Lock the toolbars"
 END

The ID numbers can often be correlated with disassembly listings generated for example by Clive Turvey’s dumppe (see here) or by IDA Pro. For example:

dumppe -getsym -disasm \windows\system32\ieframe.dll > ieframe.a

resdump \windows\system32\en-US\ieframe.dll.mui > ieframe.dmp

Search the disassembly listing for “unusual” hex numbers appearing in the resource dump, such as 0A227h (“&Menu bar”) from the popup menu above:

10341161 6A01         push 1
10341163 6827A20000   push 0A227h
10341168 56           push esi
10341169 FF158CDC5810 call dword ptr [EnableMenuItem]

This can probably be relabeled:

10341161 6A01         push 1
10341163 6827A20000   push MENU_BAR ;; 0A227h
10341168 56           push esi
10341169 FF158CDC5810 call dword ptr [EnableMenuItem]

Similarly:

10341120 68D0A50000   push 0A5D0h
10341125 56           push esi
10341126 FF152CDA5810 call dword ptr [DeleteMenu]
1034112C EB24         jmp loc_10341152

can at least provisionally be relabeled (only “probably” and “provisionally” because of course these numbers, while “unusual,” may represent something else):

10341120 68D0A50000   push DISABLE_TOOLBARS_INPRIVATE ;; 0A5D0h
10341125 56           push esi
10341126 FF152CDA5810 call dword ptr [DeleteMenu]
1034112C EB24         jmp loc_10341152

To dump resources for more than one file, use the for command. For example:

for %f in (\windows\system32\en-US\*.mui) do resdump "%f" >> mui_resdump.txt

The -strings option will display readable text for any resource type unknown to resdump. For example, WordPad uses a “ribbon”:

resdump -strings "C:\progra~1\Windows NT\Accessories\wordpad.exe"

"UIFILE" "WORDPAD_RIBBON"
 Language 1033 (US English)
 ...
 WordpadOleObjectPopUpMenuNItems
 WordpadPicturePopUpMenue}
 WordpadTextPopUpMenu
 cmdRedo
 cmdUndo
 cmdQAT
 cmdClosePreviewCommand
 cmdChunkPreviewClose
 cmdNextPageCommand
 cmdPrevPageCommand
 cmdChunkPreviewPage
 ...

Download link: resdump_for_windows

 
