First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.
Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.
After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.
Back in December, we noted that the House Judiciary Committee had approved an unfortunately watered-down, anti-patent troll bill. It was better than nothing, but we hoped that the Senate would approve a much stronger version. For a while it seemed like that was likely to happen, but... those who abuse patents are pretty damn powerful. Even those who have been hit by patent trolls in the past, like Apple and Microsoft, have decided to join forces in lobbying against meaningful patent reform. They've been pushing to water down the Senate's bill, taking out nearly everything that would make the bill useful -- and it appears that they're succeeding.
Here's Hoping The Supreme Court Does Not Blow Another Opportunity To Fix The Software Patent Problem
Submitted by Rianne Schestowitz on Wednesday 2nd of April 2014 01:22:54 PM
Four years ago, the Supreme Court had a chance to establish once and for all whether or not software was patentable. The Bilski case got all sorts of attention as various parties lined up to explain why software patents were either evil, innovation-killing monsters or the sole cause of innovation since the cotton gin and everything in between (only slight exaggeration). Rather than actually answer the question everyone was asking, the Supreme Court decided to rule especially narrowly, rejecting the specific patents at stake in the case and saying that the current test used to determine patentability (the so-called "machine-or-transformation" test) need not be the only test for patentability. However, it declined to say what tests should be used, leaving it up to the lower courts to start ruling blindly, making up new tests as they went along. And muddle along blindly they did -- right up to the height of pure absurdism in the CAFC (appeals court that handles patents) ruling in the Alice v. CLS Bank case, in which every single judge disagreed with each other. The ruling was 135 pages of confused mess where all justices only agreed on a single paragraph, which (like Bilski) said this particular patent was invalid, but no one could agree why.
Since leaving SCO, McBride’s life has continued with the sort of gangsteresque intrigue that defined him in the days when he was Linux’s public-enemy-number-one. Last May he made news when The Salt Lake Tribune reported that he had turned over a four year old audio recording of a conversation he had with Mark Shurtleff, who had been Utah’s Attorney General when the recording was made.
The conversation turned around a bad debt McBride was trying to collect.
It seems that McBride invested $286,000 with businessman Mark Robbins, who had promised a $5 million return which McBride had hoped to use to cover legal expenses in the SCO vs. IBM case. Unfortunately for McBride, Robbins skipped town to avoid being served a bench warrant in an unrelated civil case and was nowhere to be found. In an attempt to collect the debt, McBride established a website, Skyline Cowboy, which the Tribune described as “a sort of virtual bounty-hunting operation aimed at flushing out Robbins.”
Later last year rumours of this nonsense started appearing in the tech press so instead of writing a grumpy blog post I e-mailed the community council and said they needed to nip it in the bud and state that no licence is needed to make a derivative distribution. Time passed, at some point Canonical changed their licence policy to be called an Intellectual property rights policy and be much more vague about any licences needed for binary packages. Now the community council have put out a Statement on Canonical Package Licensing which is also extremely vague and generally apologetic for Canonical doing this.
arstechnica.com: Despite the rise in the number of patent trolls launching lawsuits affecting open source software, there are some glimmers of hope. The America Invents Act that was signed into law in September 2011 has provided new ways to prevent the issuance of over-broad software patents that could fuel future lawsuits.
fsf.org: The Free Software Foundation (FSF) today joined eighteen other activist and advocacy organizations in challenging the National Security Agency's (NSA) mass surveillance of telecommunications in the United States with a lawsuit filed by the Electronic Frontier Foundation (EFF).
groklaw.net: SCO was ordered by the judge, the Hon. David Nuffer, to tell him what claims it believes survived SCO's massive loss to Novell, in order to go forward in SCO v. IBM, and it has now done so.
groklaw.net: The Hon. David Nuffer has ruled on the SCO v. IBM motions, granting SCO's motion for reconsideration and reopening the case, which IBM did not object to. Judge Nuffer apologizes to the parties for the error in his previous order refusing to reopen the case.
mybroadband.co.za: Billionaire entrepreneur Mark Shuttleworth has taken the South African government to court to have the country’s exchange control system declared unconstitutional.