Tech Scoop - Hot Technology Gossip

DNS Flaw Is A Serious Security Threat

Timothy Lee — Thu, 24 Jul 2008 02:18:00 +0000

Aaron Massey has a good write-up of the DNS vulnerability that was discovered by security researcher Dan Kaminsky and leaked onto the Internet this week. In a nutshell, a flaw in the design of the DNS protocol (which translates domain names like "techdirt.com" to IP addresses) will make it possible for malicious individuals to invisibly redirect web traffic from legitimate sites to sites of the attacker's choosing. This is a huge deal because a ton of online applications and services depend on reliable DNS for their security. You might think you're visiting your bank's website, but if your DNS server isn't patched you could really be sending your password to hackers in Russia. Kaminsky tells Wired that fewer than half of the DNS servers on the Internet were patched when the details of the vulnerability leaked, so it's a real problem. If your ISP hasn't patched its DNS servers, you can protect yourself by switching to OpenDNS until they do so.

There's a long-running argument in computer security circles about the best way to release information about security vulnerabilities, with a lot of security professionals favoring immediate, public disclosure of all vulnerabilities. Kaminsky chose not to go the public disclosure route because he felt this bug was too serious to take the risk of its being misused. Kaminsky approached the major DNS vendors in March, and managed to keep the details secret long enough for them to develop fixes for their products. Then, on July 8, Kaminsky announced the simultaneous release of these fixes, while still keeping the details of the vulnerability secret. (The fixes worked in a general enough way that they didn't give away the details of the vulnerability.) He had been intending to keep it secret until August 8, so that systems administrators would have a full month to prepare their networks. Unfortunately, the information leaked out on Monday, leading to a scramble to patch the remaining DNS servers before exploits start showing up. Given the scope of the patching effort (16 people from various organizations were invited to the secret March summit among DNS vendors), I think it's pretty impressive that the details didn't leak out earlier.

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

Permalink | Comments | Email This Story

DNS Flaw Is A Serious Security Threat

Timothy Lee — Thu, 24 Jul 2008 02:18:00 +0000

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

Permalink | Comments | Email This Story

300,000 UK Motorists Say GPS Lead Them Into Danger — But Not All Of Them Followed

Michael Ho — Thu, 24 Jul 2008 00:48:00 +0000

Drivers in the UK seem to really have a problem with completely relying on GPS navigation directions. But it's hard to believe the headline that GPS devices caused 300,000 crashes for motorists across the pond. Based on a quick search, the UK's Department for Transport reported less than 500,000 traffic accidents in 2001 on all the roads in the UK. So unless the number of traffic accidents has skyrocketed over the last few years, it would seem that GPS devices are to blame for a significant number of vehicle accidents. (It's not clear over what time period those 300,000 GPS-caused accidents occurred -- but presumably those 300,000 crashes didn't start happening in the 1980's.)

However, the UK poll actually says that one in fifty UK drivers -- about 300,000 motorists -- blames GPS for causing or nearly causing an accident -- which is hardly the same thing as GPS devices causing 300,000 accidents. But even so, if the poll numbers are accurate, it also seems amazing that there isn't a follow-up headline regarding a class action lawsuit against these "dangerous" GPS devices. Clearly, there are a sizable number of drivers who need more reminders that automated directions are not 100% reliable. Given the somewhat saturated GPS device market, maybe more safety features should become a differentiator -- instead of novelty Knight Rider voices and navigators disguised as teddy bears.

Permalink | Comments | Email This Story

Is Google’s Proprietary Tech Stack Destroying Its Acquisitions?

Michael Masnick — Wed, 23 Jul 2008 23:21:00 +0000

While Google has bought plenty of small startups, almost none of those deals have amounted to very much. It almost seems like most of the startups disappear into Google forever. There are a few exceptions such as YouTube and (maybe) Writely. But the list of startups that have simply languished or died is much longer. TechCrunchIT is running an interesting post that suggests one of the key reasons: Google's proprietary tech stack. While Google is a big open source supporter for lower level infrastructure, once you get above that -- it's very much a strong believer in doing everything its own way. I've heard from friends at Google about the difficulty they've had learning to deal with Google's tech stack -- and certainly have heard how it's slowed down the progress of some Google acquisitions while they learn how to "transition."

In fact, some have pointed out that this is one of the side benefits to Google's AppEngine offering. Since it exposes some of Google's tech stack to folks for them to develop and run their applications, it will make it much easier to integrate them into Google at a later date. So, for startups whose strategy is to get acquired by Google (and, I should note, if you start with that strategy, you're probably going to fail), it may make sense to develop on AppEngine just because you're already signaling to Google that the integration costs are significantly lower.

Still, this highlights one of the major downsides to Google's belief that it can do everything much better than everyone else by starting from scratch: in doing so, it actually makes it much harder to capitalize on synergies from many acquisition targets. Yes, there are reasons to go against the "standard" way of doing things, but there are significant costs as well.

Permalink | Comments | Email This Story

FCC’s Adelstein Drags Out XM-Sirius Review Even More

Timothy Lee — Wed, 23 Jul 2008 21:47:00 +0000

As we predicted last month, the FCC's approval process for the XM-Sirius merger continues to drag on. This is becoming absurd. The merger was announced almost 18 months ago, which should have been more than enough time for the FCC to reach a decision, or at least come up with its merger conditions for the companies to consider. Yet it was only last month that Chairman Martin came up with his initial proposed conditions, and now Commissioner Adelstein is proposing even more restrictions as a condition of approving the deal. As I've pointed out before, the way antitrust law is enforced is problematic because of the unbridled decision it gives to government bureaucrats.

Adelstein's laundry list of merger conditions appears to have no particular connection to preventing the abuse of monopoly power, the supposed purpose of antitrust law. For example, he would require a 6-year freeze on price increases. If he believes the merged company would have too much market power, then he should vote to deny the merger. If, on the other hand, the merged company would not have too much market power, then a price freeze isn't necessary because competition will be sufficient to keep prices down. But the idea that they have too much monopoly power today, but won't in 6 years, doesn't make a lot of sense. His other major requirement, more minority-owned and non-profit channels, has even less connection to limiting the firm's market power. More minority-owned radio stations may or may not be good policy, but it has nothing to do with antitrust law, and it seems problematic for the FCC to impose those sorts of requirements as part of the merger review process.

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

Permalink | Comments | Email This Story

FCC’s Adelstein Drags Out XM-Sirius Review Even More

Timothy Lee — Wed, 23 Jul 2008 21:47:00 +0000

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

Permalink | Comments | Email This Story

Advocacy Group Claims Google Maps Is A Tool Of Child Predators

Michael Masnick — Wed, 23 Jul 2008 20:11:00 +0000

We've been talking about the popularity of "technopanics," where the press (often spurred on by "advocacy" groups) push out a "but think of the children" campaign to worry about how child predators are using this or that kind of technology -- when the reality is that there is often little to no evidence that this is actually happening or a serious threat. Studies eventually show that the press blew the "threat" way out of proportion, but by then it's too late. The public already believes that there's a huge threat. This isn't to say that there aren't some folks who have used these sites to prey on children -- or that people shouldn't be aware that it's a risk. But most kids seem to have no problem ignoring or brushing off the extremely rare solicitations they might get -- usually because their parents or educators taught them to be cautious around random strangers.

So, with studies finally showing the lack of a threat on social networks, it seems that technopanic advocates have had to move on to things like gaming consoles. The latest is even more ridiculous. Apparently an advocacy group is trying to warn people about the supposed dangers of Google's Street View technology. Apparently, they're worried that child predators will use the tech to scope out where children live, because Google Street View might possibly maybe have caught kids playing outside. Is there any evidence that this has actually happened? Nope. Is there any reason to think that this makes sense for a child predator as compared to actually getting in a car and driving around and seeing what's happening out in broad daylight? Nope. It's just fear, fear, fear!

Amusingly, I found this story from Stephen Shankland at News.com, who points out that the same day that advocacy group put out its fearmongering press release, another group was announcing how you can use its new service, built on Google Maps, to see if any registered sex offenders live near you. So, while we have one group warning about how Google Maps can be used for evil, another group is pointing out how it can be used to see if there are any threats in the neighborhood.

Permalink | Comments | Email This Story

European Intellectual Property Scholars: Copyright Extension Harms Innovation

Michael Masnick — Wed, 23 Jul 2008 18:43:00 +0000

Following the EU's misguided proposal to extend performance copyrights on songs from 50 years to 95 years, a group of professors from intellectual property, legal and innovation positions, have gotten together to send a highly critical letter, pointing out why such a copyright extension is not necessary and, in fact, will be quite harmful. Here's a snippet of the letter:

Unanimously, the European centres for intellectual property research have opposed the proposal. The empirical evidence has been summarised succinctly in at least three studies: the Cambridge Study for the UK Gowers Review of 2006; a study conducted by the Amsterdam Institute for Information Law for the Commission itself (2006); and the Bournemouth University statement signed by 50 leading academics in June 2008.

The simple truth is that copyright extension benefits most those who already hold rights. It benefits incumbent holders of major back-catalogues, be they record companies, ageing rock stars or, increasingly, artists' estates. It does nothing for innovation and creativity. The proposed Term Extension Directive undermines the credibility of the copyright system. It will further alienate a younger generation that, justifiably, fails to see a principled basis.

Hopefully, European politicians will actually pay attention to this condemnation of the proposed extension.

Permalink | Comments | Email This Story

How Congress Might Accidentally Ban US Companies From Doing Business In The US

Timothy Lee — Wed, 23 Jul 2008 17:15:00 +0000

A couple of years ago, we wrote about a proposal to restrict search engine companies from doing business in foreign countries whose Internet policies the United States government deems "repressive." In March, we noted that it was back. Jonathan Zittrain has written up an analysis of the latest version. It would supposedly "prevent US companies from aiding the censorship and surveillance operations of repressive foreign governments." It would target "Internet Restricting Countries," which are countries that are "directly or indirectly responsible for a systematic pattern of substantial restrictions on Internet freedom."

Now, I understand that the intent is to target truly repressive regimes like China and Cuba, but I have to wonder about how this is being defined. After all, you could argue that the United States's gambling ban is a "substantial restriction on Internet freedom." Ditto for the recent FISA bill, which allows warrantless dragnet surveillance of Americans' international calls. Likewise, some European countries restrict Internet freedom with regard to Nazi memorabilia. And of course the Australian government forces its ISPs to censor online pornography. Will American companies be prohibited from doing business in the United States, France, Germany, and Australia? Somehow I doubt it. All of which is to say that putting the US government in charge of drawing up a list of countries with bad Internet policies seems like a bad idea. The list will wind up being a political football rather than an objective assessment of countries' internet policies, and in any event it will hurt American businesses a lot more than it will promote human rights abroad.

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

Permalink | Comments | Email This Story

How About Five Year Renewable Copyrights With A Use-It-Or-Lose-It Clause?

Michael Masnick — Wed, 23 Jul 2008 15:48:00 +0000

Over the years, we've seen numerous ideas and recommendations for ways to fix copyright, and a popular one is getting rid of the automatic creation of copyright on new works, requiring individuals to actually register that work -- often combined with a shorter time limit on copyrights that would have a renewal option. Larry Lessig has long supported such a system. The thinking is that this still lets those big companies who want to hoard their copyrights forever do so, but opens up plenty of other orphaned content that is locked down just because Disney doesn't want to lose the copyright on Mickey Mouse. Benjamin Krueger points us to Andrew Dubber's recent proposal of switching to a five-year renewable copyright plan, that also includes a use-it-or-lose it clause. Basically, copyright holders who want to retain their copyright can do so, but they have to renew the registration once every five years. And, during those five years, the content has to be available commercially one way or another. This way, if content is being neglected, ignored, abandoned or orphaned, it makes its way into the public domain in short order, where perhaps others can make it more useful. This would seem to fit much more closely with the original purpose of copyright law, though (as per usual), I'm sure there will be many complaints from copyright holders about how such a system would destroy their rights. When reading through those, though, note that they never seem very concerned with the rights of the public either.

Permalink | Comments | Email This Story