Recent news on source code, reverse engineering, software patent litigation

“2017/12/22
“Federal Circuit brings lock patent row back to life”
“The US Court of Appeals for the Federal Court has vacated a lower court’s entry of summary judgment in a clash over locks that airport security workers can open.”
“Joint infringement: “The common thread between the cases [Travel Sentry v. Tropp, Akamai V, Eli Lilly v. Teva] is that there is evidence that a third party hoping to obtain access to certain benefits can only obtain those benefits if it performs certain steps identified by the defendant, under terms described by the defendant.”

2017/12/22
“Divided Infringement: Expanding the Scope of”
“TravelSentry v. Tropp (Fed. Cir. 2017) Today’s opinion is the Federal Circuit’s third in this dispute between Travel Sentry and Tropp…”
“Joint enterprise” prong of Akamai (2015)

2017/12/21
“Dozens of Companies Are Using Facebook to Exclude Older Workers From Job Ads – ProPublica”
“Among the companies we found doing it: Amazon, Verizon, UPS and Facebook itself. “It’s blatantly unlawful,” said one employment law expert.”
“The ability of advertisers to deliver their message to the precise audience most likely to respond is the cornerstone of Facebook’s business model. But using the system to expose job opportunities only to certain age groups has raised concerns about fairness to older workers.”

2017/12/21
“New York City’s Bold, Flawed Attempt to Make Algorithms Accountable”
“Automated systems guide the allocation of everything from firehouses to food stamps. Why don’t we know more about them?”
“One of the main stumbling blocks in the first draft, according to testimony at the October hearing and a number of sources involved in the negotiations, was the requirement to make source code fully public. This invited strong resistance from some policy experts, who warned that such openness might create security risks and give bad actors an easy way to game the public-benefits system, and from tech companies, which argued that it would force them to disclose proprietary information, supposedly harming their competitive advantage.”

2017/12/21
“Designing Against Misinformation – Facebook Design – Medium”
“The research and design thinking behind the latest treatments for Misinformation on Facebook”
“Facebook & “fake news”: “After a year of testing and learning, we’re making a change to how we alert people when they see false news on Facebook.”

2017/12/21
“Did Kim Jong Un really release the WannaCry virus?”
“Did North Korea violate international law?”
“Attribution: “When asked in the press briefing about the basis for the U.S. accusation, Bossert said, “What we did was, rely on – and some of it I can’t share, unfortunately – technical links to previously identified North Korean cyber tools, tradecraft, operational infrastructure.” This may be sufficient given the accusations against North Korea by the private sector, and even the UK government, over the last few months. But it does little to set an example or establish an evidentiary best practice for states to follow in attributing future cyberattacks to states or state-sponsored actors.”

2017/12/20
“Reverse Engineering to Confirm Infringement”
“One of the major challenges faced by a patent licensing manager is to find and prove evidence of infringement. The lack of evidence of the use chart,”
“The task involved identifying the thickness of the substrate a semiconductor device. In such a case, limited product literature is a common problem…. The task was to tear down a semiconductor chip in the connector of an Active Optical Cable. The chip had both optical structures, such as waveguides, and electronic structures, such as transistors, fabricated on the same wafer substrate….”

2017/12/20
“U.S. declares North Korea carried out massive WannaCry cyberattack”
“The Trump administration will call on states to implement all U.N. sanctions.”
“In June, The Washington Post reported that the National Security Agency had linked North Korea to the creation of the worm. In October, the British government declared that it believed North Korea was the culprit. The following month, the CIA issued a similar classified assessment, which has not been previously reported…. The U.S. government has released technical details of North Korean cyber tools and operational infrastructure…”

2017/12/20
“Third-Party Preissuance Submissions: A Useful Tool When Used Selectively – Intellectual Property – United States”
“TAKEAWAY: Third-Party Preissuance Submissions, when used selectively, can be an effective method to disrupt competitor patent prosecution.”
“about 40 percent of preissuance submissions cause competitors to ultimately narrow the application claims, or abandon the application entirely. Of this 40 percent of “successful” preissuance submissions, more than half caused the eventual abandonment of the application. This disruptive effect is even more pronounced when the preissuance submissions use claim charts. While the overall “success rate” of preissuance submissions is 40 percent, the success rate is 65 percent when a claim chart is used.”

2017/12/20
“New York will tackle unfair biases in automated city services”
“Algorithmic biases in city services could be affecting the lives of millions.”
“New York is taking steps to address potential algorithmic biases in services provided by municipal agencies. City council has passed a bill that would — if signed by Mayor de Blasio — create a task force to examine if and how service algorithms are biased, how citizens can appeal decisions made by algorithms if they feel they’re unfair, and if agency source code could be made publicly available. “Automated decision systems” are responsible for determining outcomes on a wide range of city/citizen matters. Take eligibility for bail, for example. Training data used to produce algorithms for this system…”

2017/12/18
“Kaspersky Lab Sues Trump Administration Over Software Ban”
“Moscow-based anti-virus company Kaspersky Lab sued the Trump administration in U.S. federal court on Monday, arguing that the American government has deprived it of due process rights by banning its software from U.S. government agencies. From a…”
“Kaspersky Lab Sues Trump Administration Over Software Ban @slashdot”

2017/12/15
“The Hackers Behind Some of the Biggest DDoS Attacks in History Plea Guilty”
“Three men plead guilty to being the creators and operators of the Mirai botnet.”

2017/12/14
“Patent Infringement Archives – Bejin Bieneman PLC”
“The written description requirement does not extend to equivalents asserted under the doctrine of equivalents, according to a recent order in the District of Delaware. The district judge in Sprint v. Cox resolved dueling summary…”

2017/12/14
“Patenting intellectual property for artificial intelligence as complex as some AI code”
“What do you protect, the source code, the data set, test data sets or something else?”
“A second and intriguing challenge is that machine learning by its nature constantly writes its own code to improve itself. So who is the owner or inventor and how do you know if that code infringes on someone else’s IP? The third conundrum is, what exactly do you protect, whether through copyright, patent or classifying it as a trade secret? Is it the source code, data set, test data sets, or other component of the process?”

2017/12/14
“Avast Launches Open-Source Decompiler For Machine Code – Slashdot”
“Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of…”
I haven’t seen great results from it so far, but interesting anyway…

2017/11/29
“The Impenetrable Program Transforming How Courts Treat DNA Evidence | Backchannel”
“A legal battle is trying to expose the inner workings of TrueAllele, game-changing software that attempts to identify criminals based on subtle traces of DNA.”
“But now legal experts, along with Johnson’s advocates, are joining forces to argue to a California court that TrueAllele-the seemingly magic software that helped law enforcement analyze the evidence that tied Johnson to the crimes-should be forced to reveal the code that sent Johnson to prison. This code, they say, is necessary in order to properly evaluate the technology. In fact, they say, justice from an unknown algorithm is no justice at all.”

2017/11/27
“FBI didn’t tell US targets as Russian hackers hunted emails”
“WASHINGTON (AP) – The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at leak…”
“The Secureworks list comprises 19,000 lines of targeting data . Going through it, the AP identified more than 500 U.S.-based people or groups and reached out to more than 190 of them, interviewing nearly 80 about their experiences. Many were long-retired, but about one-quarter were still in government or held security clearances at the time they were targeted. Only two told the AP they learned of the hacking attempts on their personal Gmail accounts from the FBI. A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year’s electoral contest. But to this day, some leak victims have not heard from the bureau at all.”

2017/11/27
“Don’t Feed Them After Midnight: Reverse-Engineering the Furby Connect”

2017/11/27
“Pentagon’s move toward open source software isn’t going to enhance security”
“The Pentagon must adapt, but not reduce, its defenses to meet modern realities.”
“Even the most popular open source projects, which get a disproportionate amount of usage and attention, can have severe security flaws. Shellshock, a severe vulnerability in the popular open source bash utility, existed in the project since 1989, but was only disclosed in 2014. Heartbleed, a flaw in a popular encryption library which exposed the secrets of roughly 25 percent of “https” (supposedly secure) websites, existed for two years before being discovered. And the latest Equifax breach was caused by a vulnerability in a popular open source Apache Struts library, which took four years…”

2017/11/24
“CIPA seminar: Standard Essential Patents (SEPs) Licensing and Litigation | Lexology”
“IPcopy watched CIPA’s seminar on Standard Essential Patents (SEPs) and FRAND (fair, reasonable and non discriminatory terms) recently which was presented by Kevin Scott and Richard Vary. The seminar covered a…”

2017/11/21
“DJI Rewarded Bug Bounty Discovery With Legal Threats, Developer Claims”
“Bug bounty programs are indispensable tools for finding security vulnerabilities, and are used by major tech companies such as Google and Microsoft….”

2017/11/20
“U.S. patent review board becomes conservative target”
“In August, a dozen inventors gathered around a fire pit outside the headquarters of the U.S. Patent and Trademark Office in Alexandria, Virginia, and set alight patents they said had been rendered worthless by an overreaching federal government.”
“The conservative backlash in part reflects how the right views tech giants like Apple and Google, which thanks to the tribunal have prevailed in hundreds of disputes with patent owners seeking hefty compensation. “Google, Amazon, and Apple and other big tech companies – you look at their power and it is really astounding. And they are generally left-leaning companies,” …”

2017/11/20
“It looks like Microsoft might have lost a source code of an Office Component”
“Microsoft recently released an update to patch a security bug which has raised some eyebrows. The latest vulnerability tracked as CVE-2017-11882 that…”

2017/11/14
“Diagrams Not Considered Source Code Under Modified Protective Order | Lexology”
“In a recent Order, ALJ McNamara clarified that while diagrams drawn by an expert depicting the interplay and hierarchy of relevant code modules.”
“While ALJ McNamara agreed that the diagrams were CBI [confidential business information] under the protective order, she concluded that they were not subject to the heightened protection afforded by the Source Code Addendum.”

2017/11/13
“Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core”
“A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide.”

2017/11/10
“Synopsys Buys Black Duck, Which Checks Open Source Code for Gaffes”

2017/11/10
“WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools”
“The secret-spilling organization launches a new series where it will release the source code of alleged CIA tools from the Vault 7 series.”

2017/10/26
“PTAB says 58% of Patents Survive Post-grant Proceedings Unchanged – PTABWatch”
“On October 24, 2017, the PTAB held its inaugural “Chat with the Chief” webinar. The main topic of the webinar was to discuss multiple petitions filed again”
“The most striking result reported was that 58% of patents survive post-grant proceedings unchanged, meaning that all challenges to patent claims raised in the proceeding failed. For 7% of patents, some challenged claims were found unpatentable and for 29% of patents all challenged claims were found unpatentable. The Chief Judge definitely seemed to feel that this is an important data point in the Board’s constant battle to overcome its initial reputation as a Patent Death Panel.”

2017/10/26
“Kaspersky says it obtained suspected NSA hacking source code from personal computer in U.S. in 2014 | The Japan Times”
“Moscow-based anti-virus software maker Kaspersky Lab said on Wednesday that its security software had taken source code for a secret American hacking tool”
“Kaspersky reports it was quickly deleted; “…The new 2014 date of the incident is of interest because Kaspersky only announced its discovery of an espionage campaign by the Equation Group in February 2015. At that time, Reuters cited former NSA employees who said that Equation Group was an NSA project….”

2017/10/26
“Researchers Unveil Tool to Debug ‘Black Box’ Deep Learning Algorithms”
“New approach brings transparency to self-driving cars and other self-taught systems.”
“… Deep learning systems do not explain how they make their decisions, and that makes them hard to trust. In a new approach to the problem, researchers at Columbia and Lehigh universities have come up with a way to automatically error-check the thousands to millions of neurons in a deep learning neural network. Their tool, DeepXplore, feeds confusing, real-world inputs into the network to expose rare instances of flawed reasoning by clusters of neurons…. One limitation of DeepXplore is that it can’t certify that a neural network is bug-free…. A new tool called ReluPlex uses proofs…”

2017/10/23
“Keeping Trade Secrets Out of Patents”
“Trade secret and patent laws both provide intellectual property protection but have conflicting requirements that can impose challenges for a company seeking to maximize its protection under each right.”
“… inventors that are focused on their company’s product implementation often provide detailed product or manufacturing documentation. Outside counsel, seeking to obtain a strong patent, may be motivated to include such details as a basis to claim such subject matter, but may be unaware of a company’s desire to maintain such information as a trade secret…. ”

2017/10/23
“‘We’ve nothing to hide’: Kaspersky Lab offers to open up source code”
“Response to US fretting over alleged ties to Russian snoops”
“… Kaspersky Lab further plans to open up three Transparency Centres worldwide (in Asia, Europe and the US) by 2020. In the meantime, the company has increased the value of its bug bounty awards to up to $100,000 for the most severe vulnerabilities…. ”

2017/10/21
“Automated Analysis of 101 Eligibility”
“This is something I hadn’t seen. You go to this web page, and it allows you to enter a claim and….”

2017/10/20
“Federal Judge Unseals New York Crime Lab’s Software for Analyzing DNA Evidence – ProPublica”
“We asked the judge to make the source code public after scientists and defense attorneys raised concerns that flaws in its design may have resulted in innocent people going to prison.”
“… lifted a protective order in response to a motion by ProPublica, which argued that there was a public interest in disclosing the code. ProPublica has obtained the source code, known as the Forensic Statistical Tool, or FST, and published it on GitHub; two newly unredacted defense expert affidavits are also available…

2017/10/19
“DOJ sees a path to legal hacking — FCW”
“A legal framework for information security research is gaining traction, said a senior Justice Department official, but the guidance is broad, with specific policies emerging from the private sector.”
“… an update on the vulnerabilities disclosure program for online systems that was unveiled in July 2017… DOJ is considering a recent bill to allow private companies to “hack back” when their networks are breached. The Active Cyber Defense Certainty Act…. potential harms could take the form of companies misidentifying their attacker and causing collateral damage. The current version of the bill requires companies to notify the FBI and receive confirmation before engaging offensive cyber measures…. “If you get the attribution wrong and you end up hacking back on a nation state, …”

2017/10/19
“Firms Join to Support Protection of Source Code Act”
“ISDA, FIA, FIA PTG, Modern Markets Initiative, and the U.S. Chamber of Commerce, have filed a joint letter expressing their collective support for Congressman Sean Duffy’s proposed “Protection of Source Code Act” HR 3948.”
“… the Act requires a subpoena in order for the SEC to compel a person to produce or furnish algorithmic trading source code …”

2017/10/19
“Pentagon pressed on source code disclosures to Russia”
“Democratic senator writes to Pentagon on risks to military systems after reports a tech vendor allowed Russia to review source code.”
“… The ArcSight review was conducted at sites controlled by HPE, the company said, and “no backdoor vulnerabilities were detected” in the software. Echelon, a Moscow-based company that conducts such reviews for Russia’s FSB intelligence service, oversaw the testing. …”

2017/10/14
“North Korea behind WannaCry attack which crippled the NHS after stealing US cyber weapons, Microsoft chief claims”
“North Korea was behind the WannaCry attack which crippled the NHS after stealing US cyber weapons,the head of Microsoft has claimed.”
“Brad Smith said he believed “with great confidence” that Pyongyang was behind the hack…”

2017/10/14
“Guide to the U.S. Patent Office’s Materials on Subject Matter Eligibility | Lexology”
“Since 2014, the USPTO has periodically issued examination guidance, analysis examples, and other insights to guide evaluation of patent subject matter.”

2017/10/13
“Twitter deleted data potentially crucial to Russia probes”
“Social-media platform’s strict privacy policy led to deletions of Russian information of interest to investigators.”
“… the company has had to walk a tightrope in balancing the interests of privacy activists who are “very concerned about any suggestions that a tech company would hold their data for any period after its deleted,” and law enforcement agencies that want access to potential evidence of wrongdoing. As such, “it’s a little more complicated than giving an X is gone forever by Y date” answer, one Twitter official cautioned.”

2017/10/07
“Cybersecurity firm finds ‘90% crud’ rule rings true among 100 billion DNS records”
“With more attacks coming, and the domain name system being at the center of it all, hospitals should be careful about handling web and email domains, FarSight Security says.”

2017/10/07
“ALJ Shaw: ITC is a Viable Forum for Enforcement of SEPs”
“The public version of ALJ Shaw’s Initial Determination (ID) in U.S. International Trade Commission (ITC) investigation Certain Magnetic Data Storage Tapes and Cartridges Containing the Same, Inv”
“Standard essential patents (SEP) at the ITC; burden of establishing essentiality; FRAND vs. injunction

2017/10/07
“Federal Circuit Clarifies Venue Requirements For Patent Cases”
“Until the U.S. Supreme Court’s May 22, 2017 ruling in TC Heartland v. Kraft Foods, the Court of Appeals for the Federal Circuit and the United States…”
“… three general requirements” for whether a corporation has a “regular and established place of business” in a judicial district. These requirements include: “(1) there must be a physical place in the district; (2) it must be a regular and established place of business; and (3) it must be the place of the defendant.The Federal Circuit further explained that while the “`place’ need not be a `fixed physical presence in the sense of a formal office or store,” “there must still be a physical, geographical location in the district from which the business of the defendant is carried out.” …” ”

2017/10/06
“Federal Circuit Clarifies Standard for Pleading Infringement in Lifetime v. Trim-Lok – IPWatchdog.com | Patents & Patent Law”
“The CAFC found Lifetime’s pleading adequate. To survive a motion to dismiss a complaint must contain sufficient factual matter to state a claim to relief…”
“… the Federal Circuit opinion in Lifetime is a good refresher on sufficiency of facts needed for filing a complaint alleging patent infringement. It is a refresher also on proving infringement resulting from assembly of components to make the claimed product when not all of the components are made by the same party.”

2017/10/06
“Patent Drafting 101: Going a Mile Wide and Deep with Variations in a Patent Application – IPWatchdog.com | Patents & Patent Law”
“You want to file a patent application with a description that is a mile wide, but you must also drill down more than one inch deep to teach the nuances…”
“… the best mode requirement is now a toothless tiger. Notwithstanding, generally speaking most inventors will undoubtedly want protection for what they perceive as the best mode (i.e., the best way to do things), which means you will need to disclose the best mode in order to claim the best mode.”

2017/10/06
“Court Cites Risk Of Competitive Misuse To Deny Modification Of Protective Order”
“Order Denying Motion to Modify Protective Order, PhishMe, Inc., v. Wombat Security Technologies, D. Del. (September 18, 2017) (Judge Christopher J….”
“Useful discussion of AEO (attorney eyes only) designation, whether in-house counsel is involved in “competitive decision making”.”

2017/10/04
“Key Document Is Unsealed in Waymo’s Trade Secrets Case Against Uber”
“The document, a due diligence report about Uber’s acquisition of an autonomous trucking start-up, contains details about whether Uber may have known it was getting stolen information.”
“On the one hand, “After leaving Google, Mr. Levandowski said he found a data storage container in his house containing “source code, design files, laser files, engineering documents, and software related to Google self-driving cars,” according to the report, information that Mr. Levandowski said he downloaded as a matter of “his departure from ordinary course of business.” On the other hand, “Even after 60 hours of inspection of our facilities, source code, documents and computers – no Google material has been found at Uber,” Matt Kallman, a spokesman for Uber, said in a statement.”

2017/09/29
“Zuckerberg’s Preposterous Defense of Facebook”
“If everyone is upset with you, as the platform’s chief says, are you really doing something right?”
“Zuckerberg’s Preposterous Defense of Facebook; excellent article by Zeynep Tufekci (author of Twitter and Teargas)”

2017/09/29
“The Inside Story of Equifax’s Massive Data Breach”
“The intruders broke in and then handed off to a more sophisticated team of hackers, the hallmarks of a state-sponsored operation.”
“One of the tools used by the hackers-China Chopper-has a Chinese-language interface, but is also in use outside China, people familiar with the malware said.”

2017/09/29
“Kaspersky US government ban – what are the reasons behind the decision?”
“What is the basis for the ban on Kaspersky products being used by US government authorities? Can we be told?”

2017/09/29
“The CCleaner Malware Fiasco Targeted at Least 18 Specific Tech Firms”
“The backdooring of security software CCleaner now appears to have been more of a targeted spying operation than a mere cybercrime scheme.”

2017/09/29
“Stolen password lets hackers into Deloitte’s systems – SecurEnvoy Blog”
“If proof were needed of the importance of multi-factor authentication, then the recent experience of global consultancy Deloitte certainly delivers it. As the Guardian newspaper revealed on September 24th, Deloitte has become the victim of a hacking…”
“No multi factor authentication…”

2017/09/29
“Deloitte Hacked: What We Know Now”
“As first reported by The Guardian, ‘big four’ consulting firm Deloitte is the newest victim of a security breach. Deloitte discovered the hack in March, but…”

2017/09/29
“What Is the Dark Web? Definition and Examples”
“Confusion over what the dark web is shouldn’t be a barrier to defenders realizing the benefits of information gathered from these anonymous communities.”
“There has been a tendency to label the dark web as “any website not indexed by Google,” this definition is far too broad.”

2017/09/29
“No Easy Solutions: Facebook’s Response To Russian Hacking May Determine Tech’s Regulatory Future”
“This is the third article in a series that explores the public affairs challenges facing technology companies in a daunting new world filled with hostile foreign powers, unsettling labor, employment, and intellectual property issues, and unprecedented…”
“If Zuckerberg doesn’t figure out a way to contain [e.g. Troll Factory, Fancy Bear ] he runs the risk of watching his company and other tech giants get devoured by federal regulation – the scenario that Silicon Valley has managed to avert all these years.”

2017/09/28
“Russian-bought Facebook ads sought to amplify political divisions”
“New descriptions of the infamous Russian-bought politically themed ads on Facebook shared with CNN suggest at least some of the ads were working at cross purposes on a range of issues.”
“The apparent goal of the ads, the sources who spoke with CNN said, was to amplify political discord and fuel an atmosphere of incivility and chaos around the 2016 presidential campaign, not necessarily to promote one candidate or cause over another.”

2017/09/28
“Update: Russian Interference in 2016 US Election, Bots, & Misinformation”

2017/09/28
“S.E.C. Hacking Response Provides Road Map for Compromised Companies”
“The Securities and Exchange Commission, which has chastised companies over digital security before, may have its words come back to haunt it.”

2017/09/28
“Source Code Expert Disqualified In StubHub Trade Secret War – Law360”
“An expert witness for StubHub Inc. was recently disqualified after a California federal judge found that she had previously conducted a confidential analysis as a neutral third-party during discussions aimed at settling the trade secrets dispute…”

2017/09/27
“NSA Invites Students to ‘Hack Us!'”
“Undergraduate and grad students who compete to master six tasks receive small token of appreciation for being among first 50 finishers”
“Registration is open for the 2017 Codebreaker Challenge. The contest asks college students to use reverse engineering or the ability to take apart code and fix from scratch a fictional break-in of a government data system.”

2017/09/26
“We’re in the Age of Fake Photos and Videos-Here’s How to Spot Them”
“After Hurricane Harvey hit in August, images and video of the storm’s destruction began to emerge online. The world saw photos of stricken residents surveying their flooded homes, rescuers canoeing down suburban streets, and families camped out in…”
“our visual systems didn’t evolve to look at flat images. As a result, we’re “remarkably inept” at detecting relatively simple geometric inconsistencies in shadows, reflections, and image distortion… There are some relatively simple tricks for determining the geometric accuracy of images. Since light travels in a straight line, for example, shadows and the object that produced them should also lie on a straight line, which can be traced back to the source. But Farid cautions against “armchair forensics.” Determining image authenticity is an extremely difficult process, he notes, akin to DNA fingerprinting.”

2017/09/26
“Scanning the Dutch navy”
“Keeping its vessels in top condition is a critical aspect of a naval force’s readiness, but to do so each part, little or big, needs full attention. Claire Apthorp looks at a project to scan the entire Dutch Navy in 3D.”
“In order to speed up its servicing, Marinebedrijf Koninklijke Marine turned to Artec 3D, a company that produces 3D scanners that allow maintenance personnel to reverse engineer parts for vessels.”

2017/09/26
“Cyberattack at Deloitte Reveals Clients’ Secret Emails”
“One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients.”
“In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.”

2017/09/26
“Mobile stock trading apps ignore critical flaw warnings”
“IOActive discovered vulnerabilities in today’s 21 most popular trading apps — but the vendors couldn’t care less.”
“While IOActive would not name the apps or vendors involved, after reaching out to 13 of the brokers with the worst vulnerabilities, only two bothered to respond.”

2017/09/26
“Reverse Engineering Guitar Hero”
“What do you do when a ten-year-old video game has a bug in it? If you are [ExileLord] you fix it, even if you don’t have the source code. Want to know how? Luckily, he produced a video showing all the details of how he tracked the bug down and fixed it…. You may or may not care about Guitar Hero, but the exercise of reverse engineering and patching the game is a great example of the tools and logic required to reverse engineer any binary software, especially a Windows binary.”

2017/09/26
“ProPublica Seeks Source Code for New York City’s Disputed DNA Software – ProPublica”
“We’re asking a federal court for the code behind a technique that critics say may have put innocent people in prison.”

 

Posted in Uncategorized | Comments closed

This is a test

Checkbox test:

Checked= / 1

Not checked / 1

Checked= / 0

Not checked / 0

Checked (no =) / 0

This is a test of pre-checked checkbox handling in the archive.org Wayback Machine. It is known that the Wayback Machine rewrites links in archived pages. Is there any reason to believe it rewrites anything else? The code above should look like:

<input checked="checked" name="agree" type="checkbox" value="1" /> Checked= / 1

<input name="agree" type="checkbox" value="1" /> Not checked / 1

<input checked="checked" name="agree" type="checkbox" value="0" /> Checked= / 0

<input name="agree" type="checkbox" value="0" /> Not checked / 0

<input checked="checked" name="agree" type="checkbox" value="0" /> Checked (no =) / 0


Posted in Uncategorized | Comments closed

Recent news on source code, reverse engineering, software patent litigation

2017/09/25
Cameras in Custom ROMs: How Developers Make Hardware Work without Source Code
Without source code, how do developers get hardware components such as cameras working in custom ROMs? The answer is a BLOB, shim, and lots of debugging.
Shimming

2017/09/25
Stepping up security in chip design: Texplained
Headquartered in Valbonne, South of France, start-up Texplained is on a mission to render chip-level reverse engineering a dead-end for IC counterfeiters. Although today’s Common Criteria Certification schemes for secure chips consider…
“There is a plethora of countermeasures aimed at non-invasive attacks such as Differential Power Analysis (DPA) side channel attacks for which Rambus provide noise-reduction and obfuscation IP. But the reality, argues Ginet, is that today’s serious counterfeiters want it all, the chip’s internals together with its embedded code, and they opt for invasive attacks most of the time since they get a 100% target hit.”

2017/09/20
Unwanted ads on Breitbart lead to massive click fraud revelations, Uber claims
Uber: We paid Fetch Media for “nonexistent, nonviewable, and/or fraudulent advertising.”

2017/09/19
Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
Equifax Inc. learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed, according to three people familiar with the situation.
Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed

2017/09/19
WordPress to ditch React library over Facebook patent clause risk
Automattic, the company behind the popular open source web publishing software WordPress, has said it will be pulling away from using Facebook’s React..

2017/09/18
`We’ve Been Breached’: Inside the Equifax Hack
The crisis has sent shock waves through the industry, spooked consumers and sparked investigations. A focus for inquiry is a software glitch that appears to be how the intruders got into the company’s systems.

2017/09/17
Federal Rule of Evidence 902(14) Will Especially Impact Social Media Evidence Preservation
On December 1, 2017, Federal Rule of Evidence 902(14) will go into effect, with a significant expected impact on social media evidence collection processes. To review, FRE 902(14) is a very importa…
Authentication of social media posts and print-outs

2017/09/17
Critical Bluetooth Flaws Put Over 5 Billion Devices At Risk Of Hacking
A new attack dubbed BlueBorne exposes 5.3 billion Bluetooth-enabled devices to potential hacking and a large number of them will probably never get patched.

2017/09/16
Pirate Bay Allegedly Runs A Bitcoin Miner In Background Of User Systems But It Can Be Blocked
The Pirate Bay made its name as the site to go to if you want to download pirated applications, games, music or movies. The site is infamous for skirting the jurisdiction of authorities in the U.S. and abroad while letting people download and…
Using CoinHive JavaScript

2017/09/16
Sloppy U.S. Spies Misused a Covert Network for Personal Shopping – and Other Stories from Internal NSA Documents
Campaigns to spy on internet cafes and tap Iraqi communications, as well as an intimate NSA examination of Czech spying, are detailed in NSA newsletters.

2017/09/16
NSA Broke the Encryption on File-Sharing Apps Kazaa and eDonkey
The spy agency didn’t care about copyright violations; it was trying to determine if it could find valuable intelligence.
Interesting blast from the past

2017/09/16
Equifax Officially Has No Excuse
A patch that would have prevented the devastating Equifax breach had been available for months.

2017/09/15
What We Know and Don’t Know About the Equifax Hack
The credit reporting company says hackers exploited a bug in popular software for building websites. But the identity of the attackers remains a mystery.
Layered security controls (as well as fixing Struts security bug) would have defeated intrusion; a group called “PastHole Hacking Team” has claimed responsibility, and is demanding $2.5 million in BitCoin or data will be released Friday;

2017/09/14
Security researchers find gross deficiencies on Equifax Argentina site
As we close in on a week since Equifax announced the massive hack that could potentially have exposed the financial information of 143 million consumers in..

2017/09/14
Failure to patch two-month-old bug led to massive Equifax breach
Critical Apache Struts bug was fixed in March. In May, it bit ~143 million US consumers.

2017/09/14
Equifax Breach: Why I am not surprised
The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans.  At this point in time Equifax has not shared many details about the breach except the numbers and that the information was extracted through a…
“Another possible angle for the attack is related to the fact that Equifax appears to be a Java shop. According to Wappalyzer (a Chrome and Firefox plugin), the main Equifax website runs on the Java-based Liferay CRM. Another public facing application, the one that consumers log into, also appears to be Java based. ”

2017/09/13
U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage
The Department of Homeland Security issued a directive barring use of the Russian company’s product.

2017/09/13
The Man Behind Plugin Spam: Mason Soiza
This is a follow-up to our story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites”. In this post, we explore who is behind the purchase and corruption of the Display Widgets plugin and at least two other popular….

2017/09/11
Massive Equifax cyberattack triggers class-action lawsuit
Federal court complaint charges Equifax “negligently failed to maintain adequate technological safeguards”

2017/09/09
lgtm
“Code as data”

2017/09/09
The Apacher Software Foundation Issues Statement on Equifax Security Breach
Forest Hill, MD, Sept. 09, 2017 (GLOBE NEWSWIRE) — The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more…

2017/09/09
The hackers who broke into Equifax exploited a flaw in open-source server software
Correction: An earlier version of this article said the vulnerability exploited by the hackers who broke into Equifax was the one disclosed on Sep. 4..
“That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. One was announced in March, and another was announced earlier this week on Sept. 4. At the moment, it’s unclear which vulnerability the Baird report was referring to.”

2017/09/08
Equifax blames vendor software for breach – NYPost
There was a flaw in the open-source software created by the Apache Foundation, says William Blair’s Jeffrey Meuler, who has spoken with Equifax (EFX -12.9%). “My understanding is the breach was pe…”
According to NY Post, Equifax is blaming Apache Struts for the massive breach of consumer data

2017/09/05
Allegation of Open Source Non-Compliance Leads to Anti-Competitive Practice Lawsuit
Many of today’s hottest new enterprise technologies – IoT, Healthcare, AI – are centered around open-source technology. The free and open source software movement has moved well out of grassroots into mainstream – and license compliance issues…
“Panasonic Avionics is a hardware manufacturer and market leader in in-flight entertainment and communication solutions. CoKinetic Systems is a software producer in the same space and a competitor to Panasonic Avionics. The lawsuit claims that Panasonic has violated the GPL license, in addition to employing other monopolizing tactics for in-flight entertainment and communication.”

2017/09/05
Traces of Crime: How New York’s DNA Techniques Became Tainted
The city’s medical examiner has been a pioneer in analyzing complex DNA samples. But two methods were recently discontinued, raising questions about thousands of cases.
“The first expert witness allowed by a judge to examine the software source code behind one technique [FST, which calculates the likelihood that a suspect’s genetic material is present in a complicated mixture of several people’s DNA] recently concluded that its accuracy “should be seriously questioned.”

2017/09/02
Please Define What you Mean by Ordinary Meaning
“Over the past several of years, the court has appeared to be increasingly divided on the question of when a district court (or PTAB judge) must offer an express construction of beyond simply assigning a claim its “plain and ordinary meaning” without further definition. In NobelBiz v. Global Connect, the Federal Circuit ruled that disputed claims must be construed (despite some precedent to the contrary).”

2017/09/02
Qualcomm and Apple Further Their Dispute About Whether Certain Patents Are, In Fact, Disputed | Lexology
A series of motions in the ongoing battle between tech blue chips Qualcomm and Apple about whether the Southern District of California (or any.
… the question of exactly what actions a patent holder must undertake to create an actual case or controversy for a patent-law declaratory judgment action…. When Qualcomm ultimately did provide Apple a claim chart asserting potential infringements, none of the nine patents were in that chart. Therefore, Qualcomm argued, Apple could not point to any affirmative act by it to show its intent to enforce those nine patents…. By using those claim charts as leverage in its license negotiations, Apple alleged Qualcomm did indeed engage in “affirmative acts” that showed its willingness to enforce

2017/09/01
Ex-Nokian Tyres employees convicted in Finland’s biggest ever industrial espionage trial
Ten people have been convicted in Finland’s largest ever trial on charges of breaching commercial confidentiality. The ex-Nokian Tyres employees left the firm to establish their own research and development company, but were prosecuted under Finland’s…
“Information is not confidential if it can be obtained by studying a product, if it can be purchased, if it is generally known or if it is part of a professionally trained individual’s skillset,” read the court judgement. “The District Court has come to the conclusion that none of those conditions has been met, so the information is confidential.”

2017/09/01
Worldwide : Patents And Secrets In The Chemical Industry
A patent gives a temporary monopoly right for an invention. The trade off? That invention must be publicly disclosed, as well as at a cost to secure and maintain patent protection in each country required. Worldwide Intellectual Property Finnegan,…
“In the chemical industry, there further exists the risk of ever improving means for reverse engineering. Also, safety requirements often require near full disclosure of the composition of a product or how the product is made. ”

2017/09/01
P?NP proof fails, Bonn boffin admits
Norbert Blum says his proposed solution doesn’t work

2017/09/01
Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms
According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China’s…
“Chinese authorities say this is to protect citizens by searching the source code of foreign companies for secret mechanisms that collect data on Chinese users and send it to foreign servers.”

2017/09/01
Are Self-Driving Cars a Hacker’s Dream? Think Again | NewsFactor Network
Self-driving cars feel like they should provide a nice juicy target for hackers. But that’s the wrong way round, security researchers say. In fact, self-driving cars may be unintentionally more secure.
“Smith explains that from a hacker’s point of view having just one sensor makes it much easier to fake a signal or event to fool the car into doing something. But self-driving cars are, by and large, smarter. Smith said: “In a self-driving world, fully self-driving, they have to use lots of different sensors.”

2017/09/01
Could someone hack your pacemaker? FDA is recalling 465,000 of them due to that risk
The FDA is recalling 465,000 of the medical devices, which help control one’s heartbeat, citing vulnerabilities that could enable someone to hack into them.
“A representative from the company that makes the pacemakers said in an email that this is not a recall, but instead just a “firmware update” that can be applied to the pacemakers in question…. In 2012, a former hacker named Barnaby Jack proved he could reverse engineer a pacemaker, forcing it to release multiple 830 volt shocks, according to Engadget. A year later, the FDA warned that pacemakers could be connected to networks vulnerable to hacking.”

2017/09/01
Hacking risk leads to recall of 500,000 pacemakers due to patient death fears
FDA overseeing crucial firmware update in US to patch security holes and prevent hijacking of pacemakers implanted in half a million people
“The FDA says that the vulnerability allows an unauthorised user to access a device using commercially available equipment and reprogram it.”

2017/08/30
SAS Institute: Will the Supreme Court End the Partial Institution of IPRs? | Lexology
On July 20, SAS Institute filed its opening brief in the Supreme Court in SAS Institute v. Matal, a case with major potential ramifications both for…
“Does 35 U.S.C. 318(a), which provides that the Patent Trial and Appeal Board in an inter partes review “shall issue a final written decision with respect to the patentability of any patent claim challenged by the petitioner,” require that Board to issue a final written decision as to every claim challenged by the petitioner, or does it allow that Board to issue a final written decision with respect to the patentability of only some of the patent claims challenged by the petitioner, as the Federal Circuit held?”

2017/08/29
Beware Conditional Limitations when Drafting Patent Claims
Patent owners should be mindful of conditional limitations implications because conditional limitations may affect claim validity and infringement.

2017/08/26
Malware analysts’ jobs might get much easier, thanks to SEMU
Malware development vs. malware analysis is a dangerous cyclical arms race-a digital form of cat and mouse where security analysts attempt to rev…

2017/08/26
Handling Improper Coaching of Witnesses During PTAB Deposition Proceedings
Many attorneys have encountered an opposing party’s witness that provides very concise, supportive responses to the questions of the witness’s own…

2017/08/26
3 Lessons from Federal Circuit Ruling on Computer Implemented Inventions
The fate of subject matter eligibility is far from certain today; however, there are a few application drafting takeaways from the Visual Memory case…
… a few application drafting takeaways from the Visual Memory case that can help in getting computer implemented inventions to allowance…

2017/08/26
In a Reversal, Federal Circuit Finds Data Processing Claims Patent-Eligible under Section 101 in Visual Memory v. NVIDIA
Last week, the Federal Circuit held computer memory system patent claims not abstract and thus patent-eligible under Section 101, reversing a lower…

2017/08/26
Save Me Some Money: Paring Down Costs in Patent Litigation
Order Re Pilot Motions for Summary Judgment, Comcast Cable Communications, LLC v. OpenTV, Inc. et. al., N.D. Cal. (August 4, 2017) (Judge William…
… instituted a novel procedure to pare down a case involving more than 100 claims from 13 patents. Judge Alsup created a procedure for “pilot summary judgment motions,” where each party was allowed to bring a single motion on the merits of a single claim. Judge Alsup outlined this pilot procedure in a case management order: [] The patent owner selects the strongest claim in its case for infringement; [] The accused infringer selects the strongest claim in its case for non-infringement or invalidity; …

2017/08/26
When It Comes to Domestic Industry’s Economic Prong, Numbers Speak Louder Than Words
Initial Determination on Violation of Section 337 and Recommended Determination on Remedy and Bond, Certain Radio Frequency Identification (“RFID”)…
… ALJ McNamara’s analysis of the economic prong of the domestic industry requirement. Her decision is notable because of the number and diversity of economic prong theories Neology advanced, and the ALJ’s focus on the presence or absence of quantitative evidence supporting those theories, further cementing the effect of the Federal Circuit’s 2015 Lelo v. ITC decision.

2017/08/26
Preventing Identity Theft-A Tale as Old as Time According to Judge Palermo When She Invalidated Patent Claims for Identity Theft Prevention Software Under  101
Order Granting Summary Judgment in favor of Defendants, Mantissa Corp. v Ondot Systems, Inc., et al, S.D. Tex. (August 10, 2017) (Magistrate Judge…
Court found that identity theft and the solution provided by the asserted claims were “decidedly technology-independent” and that the claims “[d]id not require doing something to computer networks, they require[d] doing something with computer networks.” Consequently, Judge Palermo concluded that the asserted claims failed to recite an inventive concept under step two of the Alice analysis.

2017/08/24
Litigation Misconduct Helps Render a Patent Unenforceable | Lexology
In March 2014, Regeneron Pharmaceuticals, Inc. sued Merus B.V. for allegedly infringing U.S. Patent No. 8,502,018.
… the Court inferred the specific intent to deceive based on Regeneron’s conduct during the litigation… including failure to provide proper infringement contentions…

2017/08/23
AccuWeather for iOS Sending Location Data to Monetization Company Even When Location Sharing is Off [Updated]
Popular and well-known iOS weather app AccuWeather has been caught collecting and sharing user location data even when location sharing permissions…

2017/08/23
How to: Decompile Android APKs and enable in-development features in some apps
If you’ve followed us (or our friends at a couple of Android blogs), you’re probably aware of a little thing we do called APK Teardowns. Basically, we reverse engineer Google’s…

2017/08/21
How we used FCC database as a way to invalidate a patent? – GreyB
FCC ID database, PopSci Archives, Hitachi News page and JEITA are among few non patent literature sources that we use as ways to invalidate a patent.

2017/08/21
Shutterstock has reverse engineered Google’s watermark-removal app
Shutterstock has already found a way to protect its large trove of stock photos against Google’s watermark removal software.

2017/08/18
Apple Store Enough To Keep IP Suit In Delaware, Judge Says – Law360
Apple Inc. may not move a patent-holding company’s infringement suit from Delaware under the new TC Heartland precedent because the tech giant’s retail store in the state qualifies as an “established place of business,” a federal court ruled Wednesday.
“Apple does not dispute Prowire’s allegation it has a retail store in Delaware,” Judge Kearney wrote. “It argues one retail store is not enough to establish a `permanent and continuous presence.’ We disagree; Apple’s retail store is a permanent and continuous presence where it sells the alleged infringing technology to consumers on a daily basis.”

2017/08/18
Federal Circuit Confirms Innovators Must Sue Blind When Biosimilar Makers Withhold Information | Lexology
On August 10, 2017, the Federal Circuit issued its decision in Amgen v. Hospira. It dismissed Amgen’s interlocutory appeal from a discovery order on.
“… companies that do not receive needed information under the Biologics Price Competition and Innovation Act of 2009 (BPCIA) … need to sue blind or risk not obtaining discovery for unasserted patents. The Federal Circuit also confirmed that Rule 11 is satisfied in such blind lawsuits due to an applicant’s withholding of information…. Amgen had also argued that it could not assert its cell culture media patents as it would be risking later being subject to sanctions under Rule 11 for asserting baseless claims of patent infringement. The Federal Circuit rejected Amgen’s theory for two…”

2017/08/18
Hacker claims to have decrypted Apple’s Secure Enclave, destroying key piece of iOS mobile security
A hacker going by the handle xerub has just released what he claims to be a full decryption key for Apple’s Secure Enclave Processor (SEP) firmware. T…
“Decryption of firmware doesn’t equate to decryption of personal data. While SEP’s firmware may have been opened up your personal data isn’t necessarily at risk.”

2017/08/18
Visual Memory v. NVIDIA: The Importance of a Robust Written Description | Lexology
In Visual Memory v. NVIDIA (Fed. Cir. 2017), the Federal Circuit reversed the district court’s holding that Visual Memory’s U.S. Patent No. 5,953,740.
In addition, the patent includes a microfiche appendix with 263 frames of CDL listing. According to the patent, CDL is “a high level hardware description language” that “unambiguously defines the hardware for a digital logic system.” … “The CDL listing completely defines a preferred embodiment of a computer memory system … The listing may be compiled to generate a `C’ source code which may then be compiled … The COFF is then input to a logic synthesis program to provide a detailed logic schematic.”

2017/08/17
Reverse Engineering x86 Processor Microcode
Microcode is an abstraction layer on top of the physical components of a CPU and present in most general-purpose CPUs today. In addition to facilitate complex and vast instruction sets, it also provides an update mechanism that allows CPUs to be…
Interesting new paper by Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Christof Paar, and Thorsten Holz

2017/08/16
This startup learned the hard way that you do not piss off open-source programmers
Programmers discovered that Kite had quietly injected promotional content and data-tracking functionality into open-source apps. Not cool.
Saga of Kite, Atom, and Sublime Text

2017/08/16
Court rejects LinkedIn claim that unauthorized scraping is hacking
Judge says LinkedIn’s reading of hacking law would have troubling consequences.
“If a page is available without a password, it’s presumptively public and so downloading it shouldn’t be considered a violation of the CFAA. On the other hand, if a site is password-protected, then bypassing the password might trigger liability under federal anti-hacking laws.”

2017/08/16
This startup learned the hard way that you do not piss off open-source programmers
After Kite raised $4 million in venture capital funds in 2016, TechCrunch described it as a tool that “wants to be every developer’s pair-programming buddy.”.

2017/08/16
Spinrilla Refuses to Share Its Source Code With the RIAA
Spinrilla, a popular hip-hop mixtape site and app, is refusing to share its source code with the RIAA. The major record labels want to use the code as evidence in their ongoing piracy lawsuit against the company. Spinrilla notes, however, that handing…
Spinrilla asks rhetorically, “If we sued YouTube for hosting 210 infringing videos, would I be entitled to the source code for YouTube?” … The RIAA, on the other hand, argues that the source code will provide insight into several critical issues, including Spinrilla’s knowledge about infringing activity and its ability to terminate repeat copyright infringers.”

2017/08/14
North Korea’s Missile Success Is Linked to Ukrainian Plant, Investigators Say
Investigators are focusing on the factory as a black-market source for North Korea, a new report and classified intelligence assessments say.
Technology transfer

2017/08/14
Seeking Greater Global Power, China Looks to Robots and Microchips
The country’s effort to take a lead in the technologies of the future, often with the help of foreign companies, is the likely subject of a United States trade investigation.
China re-living early US intellectual property position (state-run media has highlighted the case of Samuel Slater)

2017/08/14
Twin Peaks killing raises questions about algorithm that helped free suspect
A computer program that assigns risk scores to San Francisco criminal defendants is itself under scrutiny after it helped free a 19-year-old man who, just days later, allegedly gunned down a 71-year-old stranger on Twin Peaks. […] in the aftermath…

2017/08/03
Cybersecurity Researcher Hailed as Hero Is Accused of Creating Malware
A British security researcher, credited with stopping the spread of malicious software in May, was arrested in connection with a separate attack.
Marcus Hutchins

2017/07/31
Hackers claim credit for alleged hack at Mandiant, publish dox on analyst
Late Sunday evening, someone posted details alleged to have come from a compromised system maintained by Adi Peretz, a Senior Threat Intelligence Analyst at Mandiant. The leaked records expose the analyst from both a personal and professional…

2017/07/31
The complete history of the IBM PC, part two: The DOS empire strikes
The real victor was Microsoft, which built an empire on the back of a shadily acquired MS-DOS.
“On the other hand, Paterson freely admits that he pulled out his CP/M reference manual and duplicated each of its API calls one by one…. beneath the surface, where he could get away with it, he substantially improved upon his model, notably in disk- and file-handling.”

2017/07/31
Cold War espionage paid off-until it backfired, East German spy records reveal
Industrial espionage is like R&D “on cocaine” for countries that depend on it…

2017/07/28
Breaking open the MtGox case, part 1
The official blog of WizSec, a group of bitcoin security specialists, and their investigation into MtGox.

2017/07/25
Attack of the 50 Foot Blockchain
Excellent book: An experimental new Internet-based form of money is created that anyone can generate at home; people build frightening firetrap computers full of video cards, putting out so much heat that one operator is hospitalised with heatstroke and brain…

2017/07/25
Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
Excellent book…

2017/07/19
Did you know? Google sees JavaScript links you don’t
Columnist Kyla Becker explains how poor visibility into JavaScript backlinks can impact webmasters’ ability to keep a clean backlink profile.

2017/07/17
The CIA’s Secret 2009 Data Breach, Revealed For The First Time
The inspector general’s 2010 report, obtained by BuzzFeed News through a Freedom of Information lawsuit, details an incident that “could have caused irreparable damage.”
In a security breach never before made public, a CIA employee disclosed highly classified government source code to a contractor who was not authorized to receive it – an incident that the agency’s internal watchdog warned “could have caused irreparable damage.”

2017/07/15
Weak Infringement Position Makes Troll-like Behavior Exceptional
In Adjustacam LLC v. Newegg, Inc., [2016-1882] (July 5, 2017) the Federal Circuit reversed the district court’s decision not to award attorneys’ fees…
Weak Infringement Position Makes Troll-like Behavior Exceptional ; Adjustacam v. Newegg

2017/07/13
Google pays academics millions for key support
Google has paid millions of dollars to academics at British and American universities for research that it hoped would sway public opinion and influence policy in favour of the tech giant….

2017/07/13
Weak Infringement Position Makes Troll-like Behavior Exceptional
In Adjustacam LLC v. Newegg, Inc., [2016-1882] (July 5, 2017) the Federal Circuit reversed the district court’s decision not to award attorneys’ fees…
“While the infringement claim may have been weak at the time of filing, after the district court’s Markman order, the lawsuit was baseless.”

2017/07/12
Was America’s Industrial Revolution Based on Trade Secret Theft? – IPWatchdog.com | Patents & Patent Law
Industrial espionage was practiced in Europe through the 18th Century. This opportunistic behavior was acceptable because of the mercantilist attitude of…
Useful retelling of the Samuel Slater story, even if the author sees too ready to rule out the idea that US trade practices in the 18th century resemble those of other countries today. See also “Trade Secrets: Intellectual Piracy and the Origins of American Industrial Power” by Doron S. Ben-Atar.

2017/07/12
Judge Rakoff Shoots Down eDiscovery Trade Secrets Case
In the booming world of e-discovery services, having a sales team with strong client relationships can mean everything. Or at least for LDiscovery, it was worth about $24 million – which is the sum in bonuses and other potential payments it…

2017/07/12
The Third Circuit Addresses the Defend Trade Secrets Act and Appears to Have Applied the Inevitable Disclosure Doctrine | Lexology
The Defend Trade Secrets Act (DTSA) states very clearly that an injunction issued pursuant thereto may not “prevent a person from entering into an.
“The Defend Trade Secrets Act (DTSA) states very clearly that an injunction issued pursuant thereto may not “prevent a person from entering into an employment relationship,” and that any conditions placed on a former employee’s employment in an injunction must be based on “evidence of threatened misappropriation and not merely on the information the person knows.” This language appears to bar injunctive relief under the DTSA based on the “inevitable disclosure doctrine,” … However …

2017/07/12
Comcast Prevails in Part on Striking OpenTV Infringement Contentions
On June 19, 2017, Northern District of California Judge William Alsup granted-in-part and denied-in-part plaintiff Comcast Cable Communications, LLC’s…
“Comcast contends that OpenTV’s infringement contentions violate Rule 3-1 by: “(1) relying too much on `information and belief,’ (2) charting asserted claims for only one or two accused products despite purporting to accuse more products of infringement, (3) asserting indirect infringement theories in generic terms by merely tracking the pertinent statutory language, (4) using only boilerplate language to assert infringement under the doctrine of equivalents, and (5) failing to identify specifically the patent owners’ own `instrumentalities and products …” Grant in part -> compel amendment.

2017/07/12
When reverse engineering is difficult, infringement of software trade secrets is confirmed | Lexology
In SI Engineering Srl v Lantek Systems Srl the first instance of the Court of Turin confirmed that, when software ? namely a proprietary format for.
Case from Turin, Italy: “the court’s opinion was grounded on the report of the technical expert appointed by the first-instance Court of Turin, which found that reverse engineering was made extremely difficult because of variable-length codes obtained through random and redundant code elements, and that these latter features were in fact reasonable measures for protecting SI Engineering secret information in the field of computing devices.”

2017/07/11
Cybersecurity expert fights for realism
Robert M. Lee thinks we should start taking infrastructure cybersecurity seriously.
“Marketing the apocalypse to the detriment of the actual threat. ”

2017/07/11
Google Patches Critical `Broadpwn’ Bug in July Security Update
The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed `Broadpwn’ that impacts both Android and iOS devices.

2017/07/11
New Attack Recovers Satellite Phone Crypto Key in Fraction of a Second
A team of researchers from China has developed a new attack on one of the ciphers used to secure the communications of satellite phones that enables them to recover a 64-bit key in a fraction of a …

2017/07/11
Icewind Dale 2 can’t be ‘Enhanced’ because the source code is lost
Beamdog boss Trent Oster said the studio has moved on to other things.
Yes, software vendors really do lose source code

2017/07/10
How to perform cloud-based application analysis
Application analysis is an important step for organizations to take before using cloud-based applications. Here are some ways to do that.
Overview of using static analysis (strings, API call names, signatures) and dynamic analysis (registry, network, memory; debuggers, sandboxes, dynamic binary instrumentation e.g. Frida, Valgrind, Strace)

2017/07/07
NotPetya hackers obtained source code of accounting software to wreck Ukrainian businesses
The software maker may face criminal charges for ignoring warnings from security experts about an impending cyber-attack.

2017/07/07
Petya victims given hope by researchers – BBC News
A team claims to have found a way of decrypting some files damaged in the recent cyber-attack.
Dmitry Sklyarov

2017/07/07
Limn 8: a social science journal issue devoted to hacking
“The issue’s provocative table of contents includes Matt Jones on “The Spy Who Pwned Me” (“How did we get to state-sponsored hacking?”); Renée Ridgway on “Who’s hacking whom?” (“What can you do with a Tor exploit?”); an interview with Boing Boing favorite Lorenzo Franceschi-Bicchierai “about the details of the DNC hacks, making sense of leaks, and being a journalist working on hackers today” and another interview with veteran security journalist Kim Zetter “about infrastructure hacking, the DNC hacks, the work of reporting on hackers…”

2017/07/07
Interoperability and the Copyright Office’s Section 1201 Report – Disruptive Competition Project
In its recent report on Section 1201 of Title 17, the Copyright Office amended-in a positive way-its prior interpretation of the interoperability exception in section 1201(f). The Office corrected its assertion in recent section 1201 rulemakings…
… Section 1201 prohibits the circumvention of technological protection measures (TPMs) that restrict access to copyrighted works. It also prohibits the development and distribution of the tools necessary to achieve this circumvention. Section 1201 contains a variety of exceptions, including section 1201(f), which is entitled “Reverse Engineering.” …The Office acknowledged that it would allow consumers to jailbreak their smartphones, without requiring an exemption…. Thus parties that previously sought exemptions will not have to in the rulemaking cycle the Copyright Office just announced.

2017/07/07
Gnireenigne
Reverse engineering (now does the title make sense?) is a common and legitimate business practice. The federal Defend Trade Secrets Act even…

2017/07/05
Bitcoin Ethical Hacking Leads to Solving FBI Murder Case
Bitcoin ethical hacking shed some light on FBI murder case of Mrs. Amy Allwine which resulted in arrest of the real suspect.

2017/07/05
Private Sector Cyber Intelligence Could Be Key to Workable Cyber Arms Control Treaties
The Obama-Xi cybersecurity agreement shows that the private sector can both demonstrate and encourage state compliance with such agreements.
“observers also missed the critical role that the private sector would play in providing the parties with evidence of their good-faith progress toward implementation….”

2017/07/05
This Open Source Online Raspberry Pi Simulator By Microsoft Works Right Inside Your Browser
With the help of Microsoft’s open source Raspberry Pi Simulator, you can do the same right inside your web browser. You can also connect it to the Azure IoT Hub and collect sensor data.

2017/07/05
On the Inspection of Anti-Virus Source Code to Demonstrate the Lack of Offensive Cyber Capabilities
Inspecting anti-virus source code is probably not enough to make Kaspersky products a safe tool for Congress.
“the source code of such products (i.e., the program) is different than the malware databases off of which these products operate… What if the malware database does not contain the signature of malware X, which happens to originate from Russian intelligence? The product will not detect it, and malware X will penetrate to the user’s machine … Why did the database not contain X’s signature? This is the critical question-and it’s impossible to answer. ”

2017/07/04
SAP, HP Want Software Co. Sanctioned for ‘Fishing Expedition’ – Law360
SAP America and HP urged a California federal judge on Friday to sanction a Silicon Valley software company and its attorneys for filing a new infringement suit in sprawling litigation over an e-commerce patent, saying “one attempted fishing…

2017/07/04
The E-Discovery Digest – June 2017
The seventh edition of The E-Discovery Digest focuses on recent decisions addressing the scope and application of the attorney-client privilege and…
including:
Party Compelled to Write Computer Program to Identify Relevant Data … Meredith v. United Collection Bureau, Inc., No. 1:16 CV 1102, 2017 U.S. Dist. LEXIS 56783 (N.D. Ohio Apr. 13, 2017) …

2017/07/03
Russian Cybersecurity CEO Offers Source Code for U.S. Inspection
Kaspersky offers transparency as Russian hacking tensions mount.

2017/07/01
Practice Tips for the Trade Secret Holder: Navigating Discovery Under the Defend Trade Secrets Act
Explore how courts have treated the trade secret holder’s disclosure obligations in cases brought under the DTSA, including whether, when, and how the “reasonable particularity” standard has been applied. Take a look at some practice tips for…
… court found that although the plaintiff had described certain of its purported trade secret product designs with “enough specificity,” the plaintiff’s claims would not survive summary judgment because the plaintiff failed to rebut the defendants’ contention that the product designs were readily ascertainable by reverse engineering. …

2017/06/29
Practice Tips for the Trade Secret Holder: Preparing a Complaint under the Defend Trade Secrets Act
Strategic tools and news that general counsel need to better manage their legal departments and fully understand the business risks companies face today.
… alleging the existence of a trade secret under the DTSA requires setting forth information regarding secrecy measures, economic value, and lack of general knowledge/ascertainability. By way of example, one court granted a motion to dismiss, finding the complaint “entirely devoid of any allegations of how [Plaintiff] protected the information in question from dissemination.” … DTSA requires that trade secrets relate to a product or service used or intended for use in interstate or foreign commerce, and failing to allege that this requirement is met has also provided grounds for dismissal.

2017/06/29
Judge Orders Magic Leap to Be More Precise In Describing the Trade Secrets Former Executive Allegedly Stole
A recent decision from the Northern District of California, Magic Leap, Inc. v. Bradski et. al., shows that employers must meet a high standard when filing a California Code of Civil Procedure Section
… Under the California Uniform Trade Secrets Act (“CUTSA”), the disclosure statement, which does not have a counterpart in the federal Defend Trade Secrets Act, requires a plaintiff to “identify the trade secret with reasonable particularity” …. to separate it from matters of general knowledge in the trade or of special knowledge of those persons who are skilled in the trade,…

2017/06/29
Patent Owner Statements in IPR May Result in Prosecution Disclaimer | Lexology
Addressing for the first time the issue of whether statements made during America Invents Act post-grant proceedings can trigger a prosecution.
… CAFC upheld the district court’s ruling that arguments made by a patent owner during an inter partes review (IPR) proceeding can be relied on to support a finding of prosecution disclaimer during claim construction….

2017/06/29
Oversight of use of open source code crucial as GDPR approaches, says industry expert
Mike Pittenger, vice president of security strategy at Black Duck Software, told Out-Law.com that many businesses either remain unaware that they are running popular open source components within their software at all or that security…

2017/06/27
Clive Turvey’s dumppe and dumppdb utilities for Windows PE and debug symbol files
Clive Turvey has written some excellent tools for extracting information from Windows PE executable (exe, dll, sys, etc.) files, and from Windows PDB debug symbol files. Clive has given me permission to…

2017/06/27
Risky IT Programs – The Use of Algorithms and Risk of Collusion under Antitrust Laws | Lexology
On 14 June 2017, the OECD published a Note from the EU on Algorithms and Collusion (DAF/COMP/(2017)12 – here) (the EU Note). An updated background.
… companies are using algorithms to adapt their prices to quickly changing market conditions – almost in real time. The use of algorithms makes the traditional information sharing/price fixing cartelist look outdated. However, the key question is whether and under what conditions the competition authorities might view the use of algorithms as a competition law offence. The good news is that they generally won’t. The bad news is that any technical improvement of your self-learning algorithms can make you cross the Rubicon and expose you to great liability….

 

Posted in Uncategorized | Comments closed