Recent news on source code, reverse engineering, software patent litigation

Cameras in Custom ROMs: How Developers Make Hardware Work without Source Code
Without source code, how do developers get hardware components such as cameras working in custom ROMs? The answer is a BLOB, shim, and lots of debugging.

Stepping up security in chip design: Texplained
Headquartered in Valbonne, South of France, start-up Texplained is on a mission to render chip-level reverse engineering a dead-end for IC counterfeiters. Although today’s Common Criteria Certification schemes for secure chips consider…
“There is a plethora of countermeasures aimed at non-invasive attacks such as Differential Power Analysis (DPA) side channel attacks for which Rambus provide noise-reduction and obfuscation IP. But the reality, argues Ginet, is that today’s serious counterfeiters want it all, the chip’s internals together with its embedded code, and they opt for invasive attacks most of the time since they get a 100% target hit.”

Unwanted ads on Breitbart lead to massive click fraud revelations, Uber claims
Uber: We paid Fetch Media for “nonexistent, nonviewable, and/or fraudulent advertising.”

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
Equifax Inc. learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

WordPress to ditch React library over Facebook patent clause risk
Automattic, the company behind the popular open source web publishing software WordPress, has said it will be pulling away from using Facebook’s React..

‘We’ve Been Breached’: Inside the Equifax Hack
The crisis has sent shock waves through the industry, spooked consumers and sparked investigations. A focus for inquiry is a software glitch that appears to be how the intruders got into the company’s systems.

Federal Rule of Evidence 902(14) Will Especially Impact Social Media Evidence Preservation
On December 1, 2017, Federal Rule of Evidence 902(14) will go into effect, with a significant expected impact on social media evidence collection processes. To review, FRE 902(14) is a very importa…
Authentication of social media posts and print-outs

Critical Bluetooth Flaws Put Over 5 Billion Devices At Risk Of Hacking
A new attack dubbed BlueBorne exposes 5.3 billion Bluetooth-enabled devices to potential hacking and a large number of them will probably never get patched.

Pirate Bay Allegedly Runs A Bitcoin Miner In Background Of User Systems But It Can Be Blocked
The Pirate Bay made its name as the site to go to if you want to download pirated applications, games, music or movies. The site is infamous for skirting the jurisdiction of authorities in the U.S. and abroad while letting people download and…
Using CoinHive JavaScript

Sloppy U.S. Spies Misused a Covert Network for Personal Shopping – and Other Stories from Internal NSA Documents
Campaigns to spy on internet cafes and tap Iraqi communications, as well as an intimate NSA examination of Czech spying, are detailed in NSA newsletters.

NSA Broke the Encryption on File-Sharing Apps Kazaa and eDonkey
The spy agency didn’t care about copyright violations; it was trying to determine if it could find valuable intelligence.
Interesting blast from the past

Equifax Officially Has No Excuse
A patch that would have prevented the devastating Equifax breach had been available for months.

What We Know and Don’t Know About the Equifax Hack
The credit reporting company says hackers exploited a bug in popular software for building websites. But the identity of the attackers remains a mystery.
Layered security controls (as well as fixing Struts security bug) would have defeated intrusion; a group called “PastHole Hacking Team” has claimed responsibility, and is demanding $2.5 million in BitCoin or data will be released Friday.

Security researchers find gross deficiencies on Equifax Argentina site
As we close in on a week since Equifax announced the massive hack that could potentially have exposed the financial information of 143 million consumers in..

Failure to patch two-month-old bug led to massive Equifax breach
Critical Apache Struts bug was fixed in March. In May, it bit ~143 million US consumers.

Equifax Breach: Why I am not surprised
The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans. At this point in time Equifax has not shared many details about the breach except the numbers and that the information was extracted through a…
“Another possible angle for the attack is related to the fact that Equifax appears to be a Java shop. According to Wappalyzer (a Chrome and Firefox plugin), the main Equifax website runs on the Java-based Liferay CRM. Another public facing application, the one that consumers log into, also appears to be Java based. ”

U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage
The Department of Homeland Security issued a directive barring use of the Russian company’s product.

The Man Behind Plugin Spam: Mason Soiza
This is a follow-up to our story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites”. In this post, we explore who is behind the purchase and corruption of the Display Widgets plugin and at least two other popular….

Massive Equifax cyberattack triggers class-action lawsuit
Federal court complaint charges Equifax “negligently failed to maintain adequate technological safeguards”

“Code as data”

The Apache Software Foundation Issues Statement on Equifax Security Breach
Forest Hill, MD, Sept. 09, 2017 (GLOBE NEWSWIRE) — The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more…

The hackers who broke into Equifax exploited a flaw in open-source server software
Correction: An earlier version of this article said the vulnerability exploited by the hackers who broke into Equifax was the one disclosed on Sep. 4..
“That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. One was announced in March, and another was announced earlier this week on Sept. 4. At the moment, it’s unclear which vulnerability the Baird report was referring to.”

Equifax blames vendor software for breach – NYPost
There was a flaw in the open-source software created by the Apache Foundation, says William Blair’s Jeffrey Meuler, who has spoken with Equifax (EFX -12.9%). “My understanding is the breach was pe…”
According to NY Post, Equifax is blaming Apache Struts for the massive breach of consumer data

Allegation of Open Source Non-Compliance Leads to Anti-Competitive Practice Lawsuit
Many of today’s hottest new enterprise technologies – IoT, Healthcare, AI – are centered around open-source technology. The free and open source software movement has moved well out of grassroots into mainstream – and license compliance issues…
“Panasonic Avionics is a hardware manufacturer and market leader in in-flight entertainment and communication solutions. CoKinetic Systems is a software producer in the same space and a competitor to Panasonic Avionics. The lawsuit claims that Panasonic has violated the GPL license, in addition to employing other monopolizing tactics for in-flight entertainment and communication.”

Traces of Crime: How New York’s DNA Techniques Became Tainted
The city’s medical examiner has been a pioneer in analyzing complex DNA samples. But two methods were recently discontinued, raising questions about thousands of cases.
“The first expert witness allowed by a judge to examine the software source code behind one technique [FST, which calculates the likelihood that a suspect’s genetic material is present in a complicated mixture of several people’s DNA] recently concluded that its accuracy “should be seriously questioned.”

Please Define What you Mean by Ordinary Meaning
“Over the past several years, the court has appeared to be increasingly divided on the question of when a district court (or PTAB judge) must offer an express construction of beyond simply assigning a claim its “plain and ordinary meaning” without further definition. In NobelBiz v. Global Connect, the Federal Circuit ruled that disputed claims must be construed (despite some precedent to the contrary).”

Qualcomm and Apple Further Their Dispute About Whether Certain Patents Are, In Fact, Disputed | Lexology
A series of motions in the ongoing battle between tech blue chips Qualcomm and Apple about whether the Southern District of California (or any.
… the question of exactly what actions a patent holder must undertake to create an actual case or controversy for a patent-law declaratory judgment action…. When Qualcomm ultimately did provide Apple a claim chart asserting potential infringements, none of the nine patents were in that chart. Therefore, Qualcomm argued, Apple could not point to any affirmative act by it to show its intent to enforce those nine patents…. By using those claim charts as leverage in its license negotiations, Apple alleged Qualcomm did indeed engage in “affirmative acts” that showed its willingness to enforce

Ex-Nokian Tyres employees convicted in Finland’s biggest ever industrial espionage trial
Ten people have been convicted in Finland’s largest ever trial on charges of breaching commercial confidentiality. The ex-Nokian Tyres employees left the firm to establish their own research and development company, but were prosecuted under Finland’s…
“Information is not confidential if it can be obtained by studying a product, if it can be purchased, if it is generally known or if it is part of a professionally trained individual’s skillset,” read the court judgement. “The District Court has come to the conclusion that none of those conditions has been met, so the information is confidential.”

Worldwide : Patents And Secrets In The Chemical Industry
A patent gives a temporary monopoly right for an invention. The trade off? That invention must be publicly disclosed, as well as at a cost to secure and maintain patent protection in each country required. Worldwide Intellectual Property Finnegan,…
“In the chemical industry, there further exists the risk of ever improving means for reverse engineering. Also, safety requirements often require near full disclosure of the composition of a product or how the product is made. ”

P≠NP proof fails, Bonn boffin admits
Norbert Blum says his proposed solution doesn’t work

Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms
According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China’s…
“Chinese authorities say this is to protect citizens by searching the source code of foreign companies for secret mechanisms that collect data on Chinese users and send it to foreign servers.”

Are Self-Driving Cars a Hacker’s Dream? Think Again | NewsFactor Network
Self-driving cars feel like they should provide a nice juicy target for hackers. But that’s the wrong way round, security researchers say. In fact, self-driving cars may be unintentionally more secure.
“Smith explains that from a hacker’s point of view having just one sensor makes it much easier to fake a signal or event to fool the car into doing something. But self-driving cars are, by and large, smarter. Smith said: “In a self-driving world, fully self-driving, they have to use lots of different sensors.”

Could someone hack your pacemaker? FDA is recalling 465,000 of them due to that risk
The FDA is recalling 465,000 of the medical devices, which help control one’s heartbeat, citing vulnerabilities that could enable someone to hack into them.
“A representative from the company that makes the pacemakers said in an email that this is not a recall, but instead just a “firmware update” that can be applied to the pacemakers in question…. In 2012, a former hacker named Barnaby Jack proved he could reverse engineer a pacemaker, forcing it to release multiple 830 volt shocks, according to Engadget. A year later, the FDA warned that pacemakers could be connected to networks vulnerable to hacking.”

Hacking risk leads to recall of 500,000 pacemakers due to patient death fears
FDA overseeing crucial firmware update in US to patch security holes and prevent hijacking of pacemakers implanted in half a million people
“The FDA says that the vulnerability allows an unauthorised user to access a device using commercially available equipment and reprogram it.”

SAS Institute: Will the Supreme Court End the Partial Institution of IPRs? | Lexology
On July 20, SAS Institute filed its opening brief in the Supreme Court in SAS Institute v. Matal, a case with major potential ramifications both for…
“Does 35 U.S.C. 318(a), which provides that the Patent Trial and Appeal Board in an inter partes review “shall issue a final written decision with respect to the patentability of any patent claim challenged by the petitioner,” require that Board to issue a final written decision as to every claim challenged by the petitioner, or does it allow that Board to issue a final written decision with respect to the patentability of only some of the patent claims challenged by the petitioner, as the Federal Circuit held?”

Beware Conditional Limitations when Drafting Patent Claims
Patent owners should be mindful of conditional limitations implications because conditional limitations may affect claim validity and infringement.

Malware analysts’ jobs might get much easier, thanks to SEMU
Malware development vs. malware analysis is a dangerous cyclical arms race – a digital form of cat and mouse where security analysts attempt to rev…

Handling Improper Coaching of Witnesses During PTAB Deposition Proceedings
Many attorneys have encountered an opposing party’s witness that provides very concise, supportive responses to the questions of the witness’s own…

3 Lessons from Federal Circuit Ruling on Computer Implemented Inventions
The fate of subject matter eligibility is far from certain today; however, there are a few application drafting takeaways from the Visual Memory case…
… a few application drafting takeaways from the Visual Memory case that can help in getting computer implemented inventions to allowance…

In a Reversal, Federal Circuit Finds Data Processing Claims Patent-Eligible under Section 101 in Visual Memory v. NVIDIA
Last week, the Federal Circuit held computer memory system patent claims not abstract and thus patent-eligible under Section 101, reversing a lower…

Save Me Some Money: Paring Down Costs in Patent Litigation
Order Re Pilot Motions for Summary Judgment, Comcast Cable Communications, LLC v. OpenTV, Inc. et. al., N.D. Cal. (August 4, 2017) (Judge William…
… instituted a novel procedure to pare down a case involving more than 100 claims from 13 patents. Judge Alsup created a procedure for “pilot summary judgment motions,” where each party was allowed to bring a single motion on the merits of a single claim. Judge Alsup outlined this pilot procedure in a case management order: [] The patent owner selects the strongest claim in its case for infringement; [] The accused infringer selects the strongest claim in its case for non-infringement or invalidity; …

When It Comes to Domestic Industry’s Economic Prong, Numbers Speak Louder Than Words
Initial Determination on Violation of Section 337 and Recommended Determination on Remedy and Bond, Certain Radio Frequency Identification (“RFID”)…
… ALJ McNamara’s analysis of the economic prong of the domestic industry requirement. Her decision is notable because of the number and diversity of economic prong theories Neology advanced, and the ALJ’s focus on the presence or absence of quantitative evidence supporting those theories, further cementing the effect of the Federal Circuit’s 2015 Lelo v. ITC decision.

Preventing Identity Theft – A Tale as Old as Time According to Judge Palermo When She Invalidated Patent Claims for Identity Theft Prevention Software Under § 101
Order Granting Summary Judgment in favor of Defendants, Mantissa Corp. v Ondot Systems, Inc., et al, S.D. Tex. (August 10, 2017) (Magistrate Judge…
Court found that identity theft and the solution provided by the asserted claims were “decidedly technology-independent” and that the claims “[d]id not require doing something to computer networks, they require[d] doing something with computer networks.” Consequently, Judge Palermo concluded that the asserted claims failed to recite an inventive concept under step two of the Alice analysis.

Litigation Misconduct Helps Render a Patent Unenforceable | Lexology
In March 2014, Regeneron Pharmaceuticals, Inc. sued Merus B.V. for allegedly infringing U.S. Patent No. 8,502,018.
… the Court inferred the specific intent to deceive based on Regeneron’s conduct during the litigation… including failure to provide proper infringement contentions…

AccuWeather for iOS Sending Location Data to Monetization Company Even When Location Sharing is Off [Updated]
Popular and well-known iOS weather app AccuWeather has been caught collecting and sharing user location data even when location sharing permissions…

How to: Decompile Android APKs and enable in-development features in some apps
If you’ve followed us (or our friends at a couple of Android blogs), you’re probably aware of a little thing we do called APK Teardowns. Basically, we reverse engineer Google’s…

How we used FCC database as a way to invalidate a patent? – GreyB
FCC ID database, PopSci Archives, Hitachi News page and JEITA are among few non patent literature sources that we use as ways to invalidate a patent.

Shutterstock has reverse engineered Google’s watermark-removal app
Shutterstock has already found a way to protect its large trove of stock photos against Google’s watermark removal software.

Apple Store Enough To Keep IP Suit In Delaware, Judge Says – Law360
Apple Inc. may not move a patent-holding company’s infringement suit from Delaware under the new TC Heartland precedent because the tech giant’s retail store in the state qualifies as an “established place of business,” a federal court ruled Wednesday.
“Apple does not dispute Prowire’s allegation it has a retail store in Delaware,” Judge Kearney wrote. “It argues one retail store is not enough to establish a ‘permanent and continuous presence.’ We disagree; Apple’s retail store is a permanent and continuous presence where it sells the alleged infringing technology to consumers on a daily basis.”

Federal Circuit Confirms Innovators Must Sue Blind When Biosimilar Makers Withhold Information | Lexology
On August 10, 2017, the Federal Circuit issued its decision in Amgen v. Hospira. It dismissed Amgen’s interlocutory appeal from a discovery order on.
“… companies that do not receive needed information under the Biologics Price Competition and Innovation Act of 2009 (BPCIA) … need to sue blind or risk not obtaining discovery for unasserted patents. The Federal Circuit also confirmed that Rule 11 is satisfied in such blind lawsuits due to an applicant’s withholding of information…. Amgen had also argued that it could not assert its cell culture media patents as it would be risking later being subject to sanctions under Rule 11 for asserting baseless claims of patent infringement. The Federal Circuit rejected Amgen’s theory for two…”

Hacker claims to have decrypted Apple’s Secure Enclave, destroying key piece of iOS mobile security
A hacker going by the handle xerub has just released what he claims to be a full decryption key for Apple’s Secure Enclave Processor (SEP) firmware. T…
“Decryption of firmware doesn’t equate to decryption of personal data. While SEP’s firmware may have been opened up your personal data isn’t necessarily at risk.”

Visual Memory v. NVIDIA: The Importance of a Robust Written Description | Lexology
In Visual Memory v. NVIDIA (Fed. Cir. 2017), the Federal Circuit reversed the district court’s holding that Visual Memory’s U.S. Patent No. 5,953,740.
In addition, the patent includes a microfiche appendix with 263 frames of CDL listing. According to the patent, CDL is “a high level hardware description language” that “unambiguously defines the hardware for a digital logic system.” … “The CDL listing completely defines a preferred embodiment of a computer memory system … The listing may be compiled to generate a ‘C’ source code which may then be compiled … The COFF is then input to a logic synthesis program to provide a detailed logic schematic.”

Reverse Engineering x86 Processor Microcode
Microcode is an abstraction layer on top of the physical components of a CPU and present in most general-purpose CPUs today. In addition to facilitate complex and vast instruction sets, it also provides an update mechanism that allows CPUs to be…
Interesting new paper by Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Christof Paar, and Thorsten Holz

This startup learned the hard way that you do not piss off open-source programmers
Programmers discovered that Kite had quietly injected promotional content and data-tracking functionality into open-source apps. Not cool.
Saga of Kite, Atom, and Sublime Text

Court rejects LinkedIn claim that unauthorized scraping is hacking
Judge says LinkedIn’s reading of hacking law would have troubling consequences.
“If a page is available without a password, it’s presumptively public and so downloading it shouldn’t be considered a violation of the CFAA. On the other hand, if a site is password-protected, then bypassing the password might trigger liability under federal anti-hacking laws.”

This startup learned the hard way that you do not piss off open-source programmers
After Kite raised $4 million in venture capital funds in 2016, TechCrunch described it as a tool that “wants to be every developer’s pair-programming buddy.”

Spinrilla Refuses to Share Its Source Code With the RIAA
Spinrilla, a popular hip-hop mixtape site and app, is refusing to share its source code with the RIAA. The major record labels want to use the code as evidence in their ongoing piracy lawsuit against the company. Spinrilla notes, however, that handing…
Spinrilla asks rhetorically, “If we sued YouTube for hosting 210 infringing videos, would I be entitled to the source code for YouTube?” … The RIAA, on the other hand, argues that the source code will provide insight into several critical issues, including Spinrilla’s knowledge about infringing activity and its ability to terminate repeat copyright infringers.”

North Korea’s Missile Success Is Linked to Ukrainian Plant, Investigators Say
Investigators are focusing on the factory as a black-market source for North Korea, a new report and classified intelligence assessments say.
Technology transfer

Seeking Greater Global Power, China Looks to Robots and Microchips
The country’s effort to take a lead in the technologies of the future, often with the help of foreign companies, is the likely subject of a United States trade investigation.
China re-living early US intellectual property position (state-run media has highlighted the case of Samuel Slater)

Twin Peaks killing raises questions about algorithm that helped free suspect
A computer program that assigns risk scores to San Francisco criminal defendants is itself under scrutiny after it helped free a 19-year-old man who, just days later, allegedly gunned down a 71-year-old stranger on Twin Peaks. […] in the aftermath…

Cybersecurity Researcher Hailed as Hero Is Accused of Creating Malware
A British security researcher, credited with stopping the spread of malicious software in May, was arrested in connection with a separate attack.
Marcus Hutchins

Hackers claim credit for alleged hack at Mandiant, publish dox on analyst
Late Sunday evening, someone posted details alleged to have come from a compromised system maintained by Adi Peretz, a Senior Threat Intelligence Analyst at Mandiant. The leaked records expose the analyst from both a personal and professional…

The complete history of the IBM PC, part two: The DOS empire strikes
The real victor was Microsoft, which built an empire on the back of a shadily acquired MS-DOS.
“On the other hand, Paterson freely admits that he pulled out his CP/M reference manual and duplicated each of its API calls one by one…. beneath the surface, where he could get away with it, he substantially improved upon his model, notably in disk- and file-handling.”

Cold War espionage paid off – until it backfired, East German spy records reveal
Industrial espionage is like R&D “on cocaine” for countries that depend on it…

Breaking open the MtGox case, part 1
The official blog of WizSec, a group of bitcoin security specialists, and their investigation into MtGox.

Attack of the 50 Foot Blockchain
Excellent book: An experimental new Internet-based form of money is created that anyone can generate at home; people build frightening firetrap computers full of video cards, putting out so much heat that one operator is hospitalised with heatstroke and brain…

Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
Excellent book…

Did you know? Google sees JavaScript links you don’t
Columnist Kyla Becker explains how poor visibility into JavaScript backlinks can impact webmasters’ ability to keep a clean backlink profile.

The CIA’s Secret 2009 Data Breach, Revealed For The First Time
The inspector general’s 2010 report, obtained by BuzzFeed News through a Freedom of Information lawsuit, details an incident that “could have caused irreparable damage.”
In a security breach never before made public, a CIA employee disclosed highly classified government source code to a contractor who was not authorized to receive it – an incident that the agency’s internal watchdog warned “could have caused irreparable damage.”

Weak Infringement Position Makes Troll-like Behavior Exceptional
In Adjustacam LLC v. Newegg, Inc., [2016-1882] (July 5, 2017) the Federal Circuit reversed the district court’s decision not to award attorneys’ fees…
Weak Infringement Position Makes Troll-like Behavior Exceptional; Adjustacam v. Newegg

Google pays academics millions for key support
Google has paid millions of dollars to academics at British and American universities for research that it hoped would sway public opinion and influence policy in favour of the tech giant….

Weak Infringement Position Makes Troll-like Behavior Exceptional
In Adjustacam LLC v. Newegg, Inc., [2016-1882] (July 5, 2017) the Federal Circuit reversed the district court’s decision not to award attorneys’ fees…
“While the infringement claim may have been weak at the time of filing, after the district court’s Markman order, the lawsuit was baseless.”

Was America’s Industrial Revolution Based on Trade Secret Theft? – | Patents & Patent Law
Industrial espionage was practiced in Europe through the 18th Century. This opportunistic behavior was acceptable because of the mercantilist attitude of…
Useful retelling of the Samuel Slater story, even if the author seems too ready to rule out the idea that US trade practices in the 18th century resemble those of other countries today. See also “Trade Secrets: Intellectual Piracy and the Origins of American Industrial Power” by Doron S. Ben-Atar.

Judge Rakoff Shoots Down eDiscovery Trade Secrets Case
In the booming world of e-discovery services, having a sales team with strong client relationships can mean everything. Or at least for LDiscovery, it was worth about $24 million – which is the sum in bonuses and other potential payments it…

The Third Circuit Addresses the Defend Trade Secrets Act and Appears to Have Applied the Inevitable Disclosure Doctrine | Lexology
The Defend Trade Secrets Act (DTSA) states very clearly that an injunction issued pursuant thereto may not “prevent a person from entering into an.
“The Defend Trade Secrets Act (DTSA) states very clearly that an injunction issued pursuant thereto may not “prevent a person from entering into an employment relationship,” and that any conditions placed on a former employee’s employment in an injunction must be based on “evidence of threatened misappropriation and not merely on the information the person knows.” This language appears to bar injunctive relief under the DTSA based on the “inevitable disclosure doctrine,” … However …

Comcast Prevails in Part on Striking OpenTV Infringement Contentions
On June 19, 2017, Northern District of California Judge William Alsup granted-in-part and denied-in-part plaintiff Comcast Cable Communications, LLC’s…
“Comcast contends that OpenTV’s infringement contentions violate Rule 3-1 by: “(1) relying too much on ‘information and belief,’ (2) charting asserted claims for only one or two accused products despite purporting to accuse more products of infringement, (3) asserting indirect infringement theories in generic terms by merely tracking the pertinent statutory language, (4) using only boilerplate language to assert infringement under the doctrine of equivalents, and (5) failing to identify specifically the patent owners’ own ‘instrumentalities and products …” Grant in part -> compel amendment.

When reverse engineering is difficult, infringement of software trade secrets is confirmed | Lexology
In SI Engineering Srl v Lantek Systems Srl the first instance of the Court of Turin confirmed that, when software – namely a proprietary format for.
Case from Turin, Italy: “the court’s opinion was grounded on the report of the technical expert appointed by the first-instance Court of Turin, which found that reverse engineering was made extremely difficult because of variable-length codes obtained through random and redundant code elements, and that these latter features were in fact reasonable measures for protecting SI Engineering secret information in the field of computing devices.”

Cybersecurity expert fights for realism
Robert M. Lee thinks we should start taking infrastructure cybersecurity seriously.
“Marketing the apocalypse to the detriment of the actual threat. ”

Google Patches Critical ‘Broadpwn’ Bug in July Security Update
The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed ‘Broadpwn’ that impacts both Android and iOS devices.

New Attack Recovers Satellite Phone Crypto Key in Fraction of a Second
A team of researchers from China has developed a new attack on one of the ciphers used to secure the communications of satellite phones that enables them to recover a 64-bit key in a fraction of a …

Icewind Dale 2 can’t be ‘Enhanced’ because the source code is lost
Beamdog boss Trent Oster said the studio has moved on to other things.
Yes, software vendors really do lose source code

How to perform cloud-based application analysis
Application analysis is an important step for organizations to take before using cloud-based applications. Here are some ways to do that.
Overview of using static analysis (strings, API call names, signatures) and dynamic analysis (registry, network, memory; debuggers, sandboxes, dynamic binary instrumentation e.g. Frida, Valgrind, Strace)

NotPetya hackers obtained source code of accounting software to wreck Ukrainian businesses
The software maker may face criminal charges for ignoring warnings from security experts about an impending cyber-attack.

Petya victims given hope by researchers – BBC News
A team claims to have found a way of decrypting some files damaged in the recent cyber-attack.
Dmitry Sklyarov

Limn 8: a social science journal issue devoted to hacking
“The issue’s provocative table of contents includes Matt Jones on “The Spy Who Pwned Me” (“How did we get to state-sponsored hacking?”); Renée Ridgway on “Who’s hacking whom?” (“What can you do with a Tor exploit?”); an interview with Boing Boing favorite Lorenzo Franceschi-Bicchierai “about the details of the DNC hacks, making sense of leaks, and being a journalist working on hackers today” and another interview with veteran security journalist Kim Zetter “about infrastructure hacking, the DNC hacks, the work of reporting on hackers…”

Interoperability and the Copyright Office’s Section 1201 Report – Disruptive Competition Project
In its recent report on Section 1201 of Title 17, the Copyright Office amended – in a positive way – its prior interpretation of the interoperability exception in section 1201(f). The Office corrected its assertion in recent section 1201 rulemakings…
… Section 1201 prohibits the circumvention of technological protection measures (TPMs) that restrict access to copyrighted works. It also prohibits the development and distribution of the tools necessary to achieve this circumvention. Section 1201 contains a variety of exceptions, including section 1201(f), which is entitled “Reverse Engineering.” …The Office acknowledged that it would allow consumers to jailbreak their smartphones, without requiring an exemption…. Thus parties that previously sought exemptions will not have to in the rulemaking cycle the Copyright Office just announced.

Reverse engineering (now does the title make sense?) is a common and legitimate business practice. The federal Defend Trade Secrets Act even…

Bitcoin Ethical Hacking Leads to Solving FBI Murder Case
Bitcoin ethical hacking shed some light on the FBI murder case of Mrs. Amy Allwine, which resulted in the arrest of the real suspect.

Private Sector Cyber Intelligence Could Be Key to Workable Cyber Arms Control Treaties
The Obama-Xi cybersecurity agreement shows that the private sector can both demonstrate and encourage state compliance with such agreements.
“observers also missed the critical role that the private sector would play in providing the parties with evidence of their good-faith progress toward implementation….”

This Open Source Online Raspberry Pi Simulator By Microsoft Works Right Inside Your Browser
With the help of Microsoft’s open source Raspberry Pi Simulator, you can do the same right inside your web browser. You can also connect it to the Azure IoT Hub and collect sensor data.

On the Inspection of Anti-Virus Source Code to Demonstrate the Lack of Offensive Cyber Capabilities
Inspecting anti-virus source code is probably not enough to make Kaspersky products a safe tool for Congress.
“the source code of such products (i.e., the program) is different than the malware databases off of which these products operate… What if the malware database does not contain the signature of malware X, which happens to originate from Russian intelligence? The product will not detect it, and malware X will penetrate to the user’s machine … Why did the database not contain X’s signature? This is the critical question – and it’s impossible to answer.”

SAP, HP Want Software Co. Sanctioned for ‘Fishing Expedition’ – Law360
SAP America and HP urged a California federal judge on Friday to sanction a Silicon Valley software company and its attorneys for filing a new infringement suit in sprawling litigation over an e-commerce patent, saying “one attempted fishing…

The E-Discovery Digest – June 2017
The seventh edition of The E-Discovery Digest focuses on recent decisions addressing the scope and application of the attorney-client privilege and…
Party Compelled to Write Computer Program to Identify Relevant Data … Meredith v. United Collection Bureau, Inc., No. 1:16 CV 1102, 2017 U.S. Dist. LEXIS 56783 (N.D. Ohio Apr. 13, 2017) …

Russian Cybersecurity CEO Offers Source Code for U.S. Inspection
Kaspersky offers transparency as Russian hacking tensions mount.

Practice Tips for the Trade Secret Holder: Navigating Discovery Under the Defend Trade Secrets Act
Explore how courts have treated the trade secret holder’s disclosure obligations in cases brought under the DTSA, including whether, when, and how the “reasonable particularity” standard has been applied. Take a look at some practice tips for…
… court found that although the plaintiff had described certain of its purported trade secret product designs with “enough specificity,” the plaintiff’s claims would not survive summary judgment because the plaintiff failed to rebut the defendants’ contention that the product designs were readily ascertainable by reverse engineering. …

Practice Tips for the Trade Secret Holder: Preparing a Complaint under the Defend Trade Secrets Act
Strategic tools and news that general counsel need to better manage their legal departments and fully understand the business risks companies face today.
… alleging the existence of a trade secret under the DTSA requires setting forth information regarding secrecy measures, economic value, and lack of general knowledge/ascertainability. By way of example, one court granted a motion to dismiss, finding the complaint “entirely devoid of any allegations of how [Plaintiff] protected the information in question from dissemination.” … DTSA requires that trade secrets relate to a product or service used or intended for use in interstate or foreign commerce, and failing to allege that this requirement is met has also provided grounds for dismissal.

Judge Orders Magic Leap to Be More Precise In Describing the Trade Secrets Former Executive Allegedly Stole
A recent decision from the Northern District of California, Magic Leap, Inc. v. Bradski et al., shows that employers must meet a high standard when filing a California Code of Civil Procedure Section
… Under the California Uniform Trade Secrets Act (“CUTSA”), the disclosure statement, which does not have a counterpart in the federal Defend Trade Secrets Act, requires a plaintiff to “identify the trade secret with reasonable particularity” …. to separate it from matters of general knowledge in the trade or of special knowledge of those persons who are skilled in the trade,…

Patent Owner Statements in IPR May Result in Prosecution Disclaimer | Lexology
Addressing for the first time the issue of whether statements made during America Invents Act post-grant proceedings can trigger a prosecution.
… CAFC upheld the district court’s ruling that arguments made by a patent owner during an inter partes review (IPR) proceeding can be relied on to support a finding of prosecution disclaimer during claim construction….

Oversight of use of open source code crucial as GDPR approaches, says industry expert
Mike Pittenger, vice president of security strategy at Black Duck Software, told that many businesses either remain unaware that they are running popular open source components within their software at all or that security…

Clive Turvey’s dumppe and dumppdb utilities for Windows PE and debug symbol files
Clive Turvey has written some excellent tools for extracting information from Windows PE executable (exe, dll, sys, etc.) files, and from Windows PDB debug symbol files. Clive has given me permission to…

Risky IT Programs – The Use of Algorithms and Risk of Collusion under Antitrust Laws | Lexology
On 14 June 2017, the OECD published a Note from the EU on Algorithms and Collusion (DAF/COMP/(2017)12 – here) (the EU Note). An updated background.
… companies are using algorithms to adapt their prices to quickly changing market conditions – almost in real time. The use of algorithms makes the traditional information sharing/price fixing cartelist look outdated. However, the key question is whether and under what conditions the competition authorities might view the use of algorithms as a competition law offence. The good news is that they generally won’t. The bad news is that any technical improvement of your self-learning algorithms can make you cross the Rubicon and expose you to great liability….

