Security

SOPA and Lost Sales

January 16, 2012

A lost sale is customer demand that can’t be filled. SOPA, and most discussions of digital piracy, treat every illegitimate download as a lost sale. I’m not pro-pirate, but that understanding of lost sales is a bad reading of the issue. Tim O’Reilly nailed the problem in a recent Google+ post: the lack of clear evidence of economic harm due to electronic piracy. There’s plenty of emotional baggage evidence in the form of “he’s watching my show/reading my book/playing my game and never paid for it.” This is absolutely true, absolutely unfortunate, and absolutely indicative of bad action on the [...]


A Tale of Two Pirates

July 9, 2011

Piracy on the internet is nothing new. With the rise in indie publishing, though, a lot of individuals and small businesses are running into what big publishers have known for a long time: Content piracy is easy and preventing it is hard. I don’t intend to talk about the ethics or effects of piracy. Instead, I want to distinguish between two types of content theft and their different goals. When most casual observers think of piracy, they think of people sharing files via downloads, torrents, or peer-to-peer networks. This is traditional piracy. The person sharing the content knows that sharing [...]


Security, Dropbox and the Illusion of Control

June 22, 2011

My wife and I drive similarly. Neither of us is particularly aggressive, we always use turn signals, we maintain similar speeds in comparable conditions. I tend to follow a little closer than she does, and she tends to brake a little later than I do, but there’s no real difference in how we drive. Yet when I’m driving, I know she often has a tight grip on the armrest. When she’s driving, my foot reaches for the imaginary passenger brake. We take identical risks and the same precautions, but I feel less safe when she’s driving, and she feels less safe [...]


Smurfs Running Up Your Credit Card Bills

March 16, 2011

Apple is already starting to see issues managing authorization in their payment systems, as discussed in my last post. In this case, it wasn’t malware related, but it was still a function of trying to find the right balance between user convenience and payment authorization. When you make a purchase through iTunes, your password is cached for fifteen minutes. In this case, parents were buying on iTunes, then handing their phones over to kids who would go on to make huge purchases of Smurfberries in Smurf Village. It does sound irresistible. What’s happening is that Apple is changing the model for online [...]


Smartphones, Malware and Payment Systems

March 10, 2011

A flurry of Android malware has been in the news lately, including some discussion of a hack which roots the device. That’s as significant as a compromise gets, but it’s not very interesting. Malware has been rooting devices for a long time, and Android, like anything else, will have exploitable vulnerabilities. Much more interesting to me is a trojan app which runs up charges on premium SMS numbers. It’s simple as far as attacks go. The app appears to be a media player, but sends expensive texts in the background. It’s also very clever, as it takes advantage of a [...]


Smartphones and Steganography

February 11, 2011

Security researchers published a scary proof of concept attack on Android smartphones. It’s a pair of Trojan apps which cooperate to steal credit card numbers — either spoken into the phone or entered on the keypad — and then covertly relay them back to the attacker. The attack was very cleverly done and highlights new threats enabled by powerful mobile devices. They received a flurry of publicity, but I think the coverage missed one of the really interesting points of their attack. It’s a practical application of steganography to create a covert communication channel inside a device. Steganography is the discipline [...]
