
posted by janrinok on Saturday November 02 2019, @08:54PM   Printer-friendly
from the Lime-Wire-Sticque dept.

[Editor's Note: This is a little different from our usual offerings, but if you have 10 minutes to spare, it is an interesting read. It explains how users of LimeWire - a file sharing program popular 20 or so years ago - were unintentionally leaking personal and private data, which gave one person an idea that just grew and grew.]

Long, interesting story on cyber-security, in The New Yorker magazine.

Before Robert Boback got into the field of cybersecurity, he was a practicing chiropractor in the town of Sewickley, Pennsylvania, twelve miles northwest of Pittsburgh. He was also selling used cars on eBay and flipping houses purchased at police auctions. The decision to branch out into computers came in 2003, after he watched a "60 Minutes" report by Lesley Stahl about pirated movies. For years, while digital piracy was devastating the music industry, Hollywood had largely been spared; limitations on bandwidth curtailed the online trade in movies. But this was changing, Stahl noted: "The people running America's movie studios know that if they don't do something, fast, they could be in the same boat as the record companies."

The story gets more interesting. Bob visits Langley.

Inside, the head of the Directorate of Science and Technology was joined by an official representing In-Q-Tel, a corporation that the C.I.A. had set up to fund new technologies. (The "Q" refers to the technician in James Bond films.) A follow-up call from one of the participants led to more trips to D.C., and suddenly Boback and Hopkins were journeying through the shadow world of the post-9/11 national-security establishment.

And, file-sharing detection as a service.

Tiversa's prominent supporters quickly helped Boback assemble an impressive client list: Capital One, Lehman Brothers, Goldman Sachs, American Express. The companies were paying for a monthly monitoring service, in which Tiversa scanned for breached corporate information, or the personal data of top executives. By this time, EagleVision X1 could access more than a million users, and its capabilities were expanding. Because peer-to-peer networks were constantly in flux, as people turned their computers on and off, Hopkins had designed a stable repository for the system, which became known as the Data Store. EagleVision X1, programmed with search terms that were set for clients (for instance, "Lloyd Blankfein," for Goldman Sachs), would scour the networks, then deposit what it found in the Data Store. Each file was labelled to indicate when it was downloaded and what I.P. address it came from, so that its behavior could be tracked: whether it remained in the same location, whether it was being shared, or whether it suddenly vanished.

What happens to this repository is one of the interesting, and unanswered, questions in the article. Suffice it to say, it does not end well: to get people to buy data security services, sometimes you have to scare them by stealing, or faking the theft of, their data. Interesting read.

  • (Score: 3, Interesting) by Anonymous Coward on Saturday November 02 2019, @10:07PM (#915128) (2 children)

    Another Pennsylvanian runs a Cyber Security firm that is blatantly violating section 6 of the GPL (v2): Brad Spengler of Open Source Security (GrSecurity).

    perens.com/2017/06/28/warning-grsecurity-potential-contributory-infringement-risk-for-customers/

    perens.com/static/OSS_Spenger_v_Perens/0_2018cv15189/docs1/pdf/18.pdf
    (Page 10 onward of this brief gives a good recitation of the facts and
    issues)

    https://lkml.org/lkml/2019/10/31/844 [lkml.org]

    RMS:
    Could you share your thoughts, if any, of why no one will sue GrSecurity
    ("Open Source Security" (a Pennsylvania company)) for their blatant
    violation of section 6 of version 2 of the GNU General Public License?

    Both regarding their GCC plugins and their Linux-Kernel patch which is a
    non-separable derivative work?

    They distribute such under a no-redistribution agreement to paying
    customers (this is the only distribution they do). If the customer
    redistributes the derivative works they are punished.

    That is: GrSecurity (OSS) has created a contract to /Defeat/ the GPL and
    has done so successfully so far. Very successfully. The GPL is basically
    the BSD license now, since such has been allowed to stand.

    This is how businesses see the GPL. They are no longer afraid: They will
    simply do what GrSecurity has done. Something that was supposed to stay
    liberated: a security patch that helped users maintain their privacy by
    not being immediately rooted when using a linux kernel on a GNU system;
    is now non-free.

    With this the GPL _fails_.

    NO ONE has sued GrSecurity. Thus they are seen as "having it right"
    "correct" "we can do this".

    Wouldn't the FSF have standing regarding the GCC plugins at least?
    Couldn't you all rally linux-kernel copyright holders to bring a joint
    action?

    References:
    perens.com/2017/06/28/warning-grsecurity-potential-contributory-infringement-risk-for-customers/

    perens.com/static/OSS_Spenger_v_Perens/0_2018cv15189/docs1/pdf/18.pdf
    (Page 10 onward of this brief gives a good recitation of the facts and
    issues)

  • (Score: 0) by Anonymous Coward on Sunday November 03 2019, @07:00PM (#915402) (1 child)

    Why does no one sue for the GPL violation and why do such emails get blocked? Possibly every kernel developer and other copyright holder who asks gets paid off by these people?

    "Mr. Perens’s statements qualify for protection under California’s anti-SLAPP statute because they were made on an online blog, a quintissenial public forum,"
    The EFF should hire lawyers who can spell.

    RMS has really fucked up by his abrupt resignation from the presidency of the FSF. All the fake outrage that a team of chattering monkeys could have done on Twatter against RMS do not weigh as heavily on the FSF as the current lack of leadership does. They seem to be still coasting along, running events etc, but they haven't said a peep on what they are going to do now. I haven't even seen them install a temporary president yet.

    • (Score: 0) by Anonymous Coward on Monday November 04 2019, @02:40AM (#915541)

      I don't know.
      This company is really cutting at the root of free software though.
      A suit would cost around 500k or more against them, however (Federal Question, Diversity suit).