Wednesday, December 7, 2005

EFF Has Outlived Its Usefulness? EFF Has Outlived Its Usefulness?  An anonymous reader writes "An inflammatory article runs today on The Register, with the title EFF Volunteers to Lose Sony Rootkit Suit. The article argues that the EFF's track record in court is detrimental to everyone with an interest in digital and privacy rights." From the article: "This is a very good cause. Sony installed stealth spyware on many thousands of Windows computers (although calling it a rootkit is an exaggeration), and it's crucial that the company get its bottom spanked quite painfully as a deterrent to its sister cartels in the entertainment racket. This is, in fact, such an important matter that the worst possible development would be to find the EFF arguing the case. That's because EFF will do what it always does: lose, and set a legal precedent beneficial to the entertainment pigopolists. By the time these pale vegetarians get finished, spreading musical malware will be considered a spiritual work of mercy." What do you think? Isn't it better to fight the good fight? [Slashdot: Your Rights Online] 12:34:56 PM  PermaLink   / trackback []

JS Online: Marquette suspends dental student for blog comments Disciplinary panel says he violated conduct code, but ruling is being appealed A dental student at Marquette University has been suspended for the rest of the academic year and ordered to repeat a semester after a committee of professors, administrators and students determined that he violated professional conduct codes when he posted negative comments about unnamed students and professors on a blog. Scott Taylor, the student's attorney, said his client, a 22-year-old in Marquette's School of Dentistry, was brought before the committee for a conduct hearing last week after a classmate complained about his blog, a Web site that contained musings about topics ranging from his education to videogames and drinking. The focus of the hearing, Taylor said, were half a dozen postings including one describing a professor as "a (expletive) of a teacher" and another that described 20 classmates as having the "intellectual/maturity of a 3-year-old." Taylor released what he said was a complete transcript of the blog, which is no longer available online. Taylor said the student did not want to be identified, and his name could not be confirmed. In a letter to the student dated Dec. 2, Denis Lynch, the dental school's associate dean for academic affairs, said the committee had found the student "guilty of professional misconduct in violation of the dental school's Code of Ethics and Professional Conduct." The student also violated a universitywide code that subjects students to disciplinary action if they participate in stalking, hazing or harassments, the letter states. In addition to informing the student of his suspension and his need to repeat his fall semester, which costs $14,000 in tuition, Lynch threatened the student with expulsion if he continued to post material on "any blog sites that contain crude, demeaning and unprofessional remarks." Marquette spokeswoman Brigid O'Brien Miller said the decision, which is being appealed, is the second time the private university has taken action against a student for statements made on a blog, a form of online communication that is becoming increasingly popular among students and professors across the country. 12:33:04 PM  PermaLink   / trackback []

Marquette Dental Student Suspended For Blogging. Marquette Dental Student Suspended For Blogging. whiteSanjuro writes  "Reported first by the bloggers, and now the mainstream press, is a story of a student being suspended by his university for the rest of the academic year because of entries in the student's blog which the university did not view favorably. It has already had some chilling effects and looks like it will be setting a standard that students at private universities aren't guaranteed free speech online. The student (who wishes to remain anonymous) is appealing the university's decision in an effort to remain in classes and finish out the current semester, but even the terms of re-admittance (pdf) leave the blogger subject to probation, minus a scholarship, and prohibit future free blogging. Perhaps now is the time to consider joining the EFF if you attend a private university and have a blog."  [Slashdot: Your Rights Online] 12:28:19 PM  PermaLink   / trackback []

Government Still Pushing for Cell Phone Tracking Without Probable Cause. Government Still Pushing for Cell Phone Tracking Without Probable Cause. EFF Urges New York Judge to Reject Latest Surveillance Request New York - The Electronic Frontier Foundation (EFF) has asked a federal magistrate judge in New York City to reject a Department of Justice (DOJ) request to track a cell phone user without first showing probable cause of a crime. In a brief filed in New York on Tuesday, EFF and the Federal Defenders of New York argue that no law authorizes the government's request, and that granting the order would threaten Americans' Fourth Amendment right against unreasonable searches. This latest briefing comes after a decision last week in Maryland denying a similar order, which combined with two recent denials published by federal courts in New York and Texas, represents an unprecedented judicial rebuke to the DOJ's surveillance practices. The DOJ's apparently routine practice of asking for and receiving cell-tracking orders without probable cause only recently came to light as a result of these newly published decisions; typically, such requests are made and granted in secret, without any public accounting. "Even though three federal courts have now completely rejected the Justice Department's arguments for tracking a cell phone without probable cause, it is still asking other judges for these plainly illegal surveillance orders," said Kevin Bankston, EFF Staff Attorney. "How many public denials is it going to take before the Justice Department either stops seeking such orders altogether, or is willing to appeal one of these decisions and subject its baseless arguments to scrutiny by higher courts?" The DOJ, despite claims that its cell phone tracking requests are routine, necessary, and perfectly legal, has so far chosen not to appeal any of the recent decisions. For this brief: http://eff.org/legal/cases/USA_v_PenRegister/EFF_FDNY_reply_brief.pdf For more on cell phone tracking: http://www.eff.org/legal/cases/USA_v_PenRegister/ Contact: Kevin Bankston Staff Attorney Electronic Frontier Foundation bankston@eff.org [EFF: Breaking News] 12:23:45 PM  PermaLink   / trackback []

Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability (SecurityFocus) Class - Input Validation Error 12:21:49 PM  PermaLink   / trackback []

Is a New Vulnerability the Tip of the Perl Iceberg? Opinion: It's probably not the basis for a new network worm, but Perl format strings could be fertile ground for more targeted hacking. Last week a serious vulnerability was revealed to relatively little attention from the press, or even from security circles. I think it's a real nasty one, especially in as much as it will go widely unpatched. The program at issue is the ubiquitous Perl programming language. Perl is a scripting language, which means a lot of things to different people, but I think the main characteristic is that it's interpreted in source form in a sort of virtual machine. Perl is widely used for system administration scripting as well as for server-side Web site programming, although in recent years it has been substantially supplanted by PHP, ASP and other server-side scripting languages. This specific vulnerability, the "Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability," relates to the use of string formatting. Perl has string formatting features very similar to those in the C language string library functions, wherein you might use printf("the number is %4u\n",x) to print the value of the integer variable x as a 4-digit unsigned integer. 12:19:42 PM  PermaLink   / trackback []

EFF - Another Sony-BMG Security Vulnerability Discovered. Another Sony-BMG Security Vulnerability Discovered. EFF and Sony-BMG today announced the existence of a new security vulnerability that affects Sony-BMG CDs that include SunnComm MediaMax Version 5 copy protection software. The vulnerability was discovered by the security firm iSEC Partners after EFF requested an examination of the SunnComm software. For more on the vulnerability, including whether you might be affected, see EFF's FAQ on it. Sony-BMG and SunnComm have released a patch that affected users should install immediately. This security vulnerability is distinct from and affects different CDs from the one reported in early November in connection with the First4Internet XCP software. Sony-BMG has disclosed a full list of the 27 CDs that include the SunnComm MediaMax Version 5. [EFF: Deep Links] 12:08:36 PM  PermaLink   / trackback []

Hollywood bets on biometric DRM + P2P. Hollywood bets on biometric DRM + P2P. Thumbs up, or thumbs down? Exclusive Some of you may recall the quixotic crusade of inventor Gary Brant, who we interviewed last year. Gary proposed integrating biometric DRM into a portable MP3 player, and was unabashed when several hundred Register readers wrote in to say what a bad idea it was. Not one reader, in fact, endorsed the idea. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 12:04:10 PM  PermaLink   / trackback []

Sony opens up over another CD security hole. Sony opens up over another CD security hole. Gropes for stop button on content-protected CDs Sony has again been outed for including questionable software on its music CDs, after it emerged a security vulnerability in content protection software shipped on some of its disks could allow consumers' PCs to be hijacked [The Register - Internet and Law: Digital Rights/Digital Wrongs] 12:02:02 PM  PermaLink   / trackback []

MEPs urged to reject data retention plan. MEPs urged to reject data retention plan. 'Irreversibly shift European civil liberties' Privacy International and European Digital Rights (EDRi) are calling on MEPs to reject a proposed Directive on data retention when it comes before the European Parliament next week following an agreement reached by EU Ministers on Friday. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 11:58:24 AM  PermaLink   / trackback []

Secondary Screening: Secondary Screenings on the Subways There's a fine debate -- ahh, hell, call it a meele -- going on over at the malapropblog, Concurring Opinions A recent decision upholding the legality of random searches of New York City subway passengers set off the infighting. Here's the scorecard so far, in reverse chronological order: 11:56:49 AM  PermaLink   / trackback []

PATRIOT Debate Resumes, Action Still Needed. PATRIOT Debate Resumes, Action Still Needed. After failing to reach a compromise on the final draft of the USA PATRIOT renewal bill, as described previously, Congress headed home for some turkey and put off the debate until after the Thanksgiving holiday. Now everyone's back, and the word through the grapevine is not good. We're hearing that a final version of the conference report, essentially unchanged from the last version that we described here, will be coming down in the next day or two. A vote on the Senate and House floors is expected shortly thereafter--probably this week. It's really getting down to the wire, so if you haven't already, call your Members of Congress today and say No! to PATRIOT renewal. [EFF: Deep Links] 11:53:20 AM  PermaLink   / trackback []