The Courts

Insurer Refuses To Cover Cox In Massive Piracy Lawsuit

An anonymous reader writes with news that Cox Communications' insurer, Lloyds Of London underwriter Beazley, is refusing to cover legal costs and any liabilities from the case brought against it by BMG and Round Hill Music. TorrentFreak reports: "Trouble continues for one of the largest Internet providers in the United States, with a Lloyds underwriter now suing Cox Communications over an insurance dispute. The insurer is refusing to cover legal fees and potential piracy damages in Cox's case against BMG Rights Management and Round Hill Music. Following a ruling from a Virginia federal court that Cox is not protected by the safe-harbor provisions of the DMCA, the Internet provider must now deal with another setback."

Comment Re:Stop whining and RTFA (Score 1) 222

Which part of this policy did they violate or otherwise fail to implement, and how?

Good question. I guess we will find out as the case unfolds.

The second bullet point is interesting. It means that truly anonymous sites can't meet the safe harbor provision. But my guess is that #3 is their complaint. Cox is saying the copyright holders are spamming them with DMCA requests, so it seems like Cox could be considered to be not responding. This is part of the problem with the DMCA. I wonder what "actual knowledge" means since many of these requests are completely automated.


Green Light Or No, Nest Cam Never Stops Watching

chicksdaddy writes: How do you know when the Nest Cam monitoring your house is "on" or "off"? It's simple: just look at the little power indicator light on the front of the device — and totally disregard what it is telling you. The truth is: the Nest Cam is never "off" despite an effort by Nest and its parent Google to make it appear otherwise. That, according to an analysis of the Nest Cam by the firm ABI Research, which found that turning the Nest Cam "off" using the associated mobile application only turns off the LED power indicator light on the front of the device. Under the hood, the camera continues to operate and, according to ABI researcher Jim Mielke, to monitor its surroundings: noting movement, sound and other activity when users are led to believe it has powered down.

Mielke reached that conclusion after analyzing Nest Cam's power consumption. Typically a shutdown or standby mode would reduce current by as much as 10 to 100 times, Mielke said. But the Google Nest Cam's power consumption was almost identical in "shutdown" mode and when fully operational, dropping from 370 milliamps (mA) to around 340mA. The slight reduction in power consumption for the Nest Cam when it was turned "off" correlates with the disabling of the LED power light, given that LEDs typically draw 10-20mA.

In a statement to The Security Ledger, Nest Labs spokesperson Zoz Cuccias acknowledged that the Nest Cam does not fully power down when the camera is turned off from the user interface (UI). "When Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time," Cuccias wrote in an e-mail. "With that said, when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings." The privacy and security implications are serious. "This means that even when a consumer thinks that he or she is successfully turning off this camera, the device is still running, which could potentially unleash a tidal wave of privacy concerns," Mielke wrote.

Comment Re:Stop whining and RTFA (Score 2) 222

Read TFA closer. They do have a repeat offender policy.

I never said they didn't.

(I'm glad it got someone to read the article. teehee!)

The article shows Cox's stance, which is that they have a repeat offender policy. The judge, for reasons we don't know yet, thinks that their policy is inconsistent. For all we know, Cox has no actual policy, and merely drafted up something right now on the fly, then used previous cases of banning users to support the claim that they had a policy all along. Cox claims that their policy is not inconsistent, it is discretionary. Is their policy sufficient to meet the criteria for a repeat offender policy as described in the DMCA? *shrugs* We don't know. The judge will decide that. DMCA itself isn't super clear on the topic, which is why I looked it up and linked to the EFF's opinion on those policies.

IMHO, Cox is right. Those copyright trolls send a gzillion notices with little to no supporting evidence. Neither the ISPs, nor the individuals, should be obligated to respond to them. The trolls should have their errant and unsupported DMCA claims discarded, and they should be held liable for damages. Hopefully that is what will happen here. Even if Cox's repeat offender policy was not sufficient, it does not make the DMCA claims valid. But if Cox didn't follow the DMCA rules then it puts a wrinkle in things and makes this a bad case and increases the chance for the trolls to succeed. This is a lesson to other ISPs: Get your repeat offender policy in alignment with the law, or fear losing your safe harbor status. That would be a huge ball of suck.

My post was not a criticism or a defense of Cox. It was to point out that there is a lot more nuance than the overzealous Slashdot summary would have us believe. The summary implies that the judge threw out safe harbor for arbitrary reasons. The article indicates otherwise.

Comment For Catholics (Score 1, Interesting) 137

Black Friday was the sacred Friday before Easter, on which Jesus was crucified. That is, until big business, in an act of cultural imperialism, decided the term should be used to dignify a celebration of materialism. Strange how Time conveniently overlooks cultural imperialism when directed against certain groups, but not others.

Comment Stop whining and RTFA (Score 2) 222

The DMCA gives Safe Harbor to ISPs who implement the rules. If Cox never implemented the "repeat offender" policy then they are no longer entitled to the safe harbor provisions. Since the trial has not yet begun, it remains to be seen if they actually did so. We also don't know anything about the DMCA filings that Cox received.

The EFF has an article on what the DMCA repeat infringer policy means.

Comment Translate please! (Score 1) 192

I have questions!

Registration is mandatory prior to operation of a UAS in the NAS not at point of sale.

UAS = Unmanned Aircraft Systems AKA "RC aircraft"
NAS = ???

Persons must be 13 years of age to register.

I don't think you have to be 13 years or older to purchase or operate one, so this seems like a loophole.

Comment Re:PASSWORDS (Score 1) 491

Short passwords are easier to remember than longer passwords,

Are you sure?
Short complex password, or long dictionary passphrase?
Until someone points to a study on the topic this will remain a matter of opinion. But I suspect that people find short passwords hard to remember because of the arbitrary and inconsistent rules on character case, symbols, numbers, and length. If it was just a matter of comparing 'biscuit' to 'I ate biscuits for dinner last Tuesday' then shorter would be better. But when it becomes 'B1scu!t' the scales tip toward the passphrase. More evidence of this is that people take passphrases, and create rules for turning them into short passwords. Ex: 'I ate biscuits for dinner last Tuesday' becomes 'i8bfdlT'

if it is done correctly on your phone, they don't get your phone number

Oh, you are referring to using OTP algorithms. I find most online services don't support that: They just want your cell number and they text you something.

As for the rest of your post: I agree.

Side question: Could you help me understand something that happens with online discussions? I find that people seem to reply to posts, and restate something that I said, but in a way that implies I disagreed with it. Is it a debate technique to try and discredit someone? For example, you posted "two-factor capability makes it more secure, not less." That statement implies that I said two-factor capability is less secure. I did not say that, I said short passwords are less secure. I even pointed out, albeit indirectly, that two-factor is more secure when I said "I *might* reconsider for my bank." Another example is your statement that the other factor could be a phone or a token. Was there something in my post that implied I didn't know that? I specifically mentioned both phone and keyfob. I'm just trying to understand since this seems to happen a lot.

Comment Re:Make the US Post office key to identity managem (Score 1) 491

Dangit! I lost my mod points because I commented. I have wanted this for years. I hate signing-up for electronic delivery of anything important (tax forms, bank statements, credit card statements) because I fear something technical will go wrong, or I'll get massive spam. Those problems are largely eliminated with postal mail. The government backs it, so it is reliable enough to be used for legal purposes. And it has a cost so the volume of spam is limited.

Comment Re:PASSWORDS (Score 2) 491

Wow, that sounds like the exact opposite of what I want.

1. Short passwords = harder to remember and less secure.
2. Two factor authentication means I have to give my cell phone number to everyone and have it on hand, or I have to carry 500 keyfobs. I can't login quickly because I have to wait for a text, and if I lose my phone I can't login to anything. I personally choose never to use 2-factor authentication, and instead have good passwords. I *might* reconsider for my bank.

Comment Re:The problem is the user (Score 3, Interesting) 491

1) In general, criticizing a citation is only valid if you can provide a better citation. In this case, a newer article would qualify.
2) People still use 7-year-old electronics.
3) Newer articles seem to indicate this is still a problem. Ex:
PS4: 10 watts
XBOX One: 13 watts
"Is standby growing or shrinking? It's probably growing."
Displays: 12 watts
(Source: http://www.energysavingsecrets...)

Comment Re:Everyone has to learn about it. (Score 1) 193

Hmmm... then I reword my question: "I'm curious to know why a senior programmer was writing code to concatenate strings of SQL." Fortunately, you answered it already when you said "It's a natural way for someone who doesn't realize the risks to do it." That is probably the most common reason for SQL injection vulnerabilities. But that statement concerns me. I expect someone labeled "senior engineer" would already know about these risks. Exceptions might be someone with a very narrow but deep focus like an embedded C programmer, or a PhD with little real experience. Am I off-base in my expectation that senior engineers would know this? I work in a place that has a mix of embedded engineers and higher-level programmers, so I am tempted to take a survey.

Another area that I think many "senior" engineers don't know is security. Lots of them find an encryption library and call Encrypt(data, key="12345" + "abcde") and think they are secure because they used 256-bit encryption and obfuscated the key.

Comment Re:Everyone has to learn about it. (Score 2) 193

I'm curious to know why a senior programmer was writing code to handle apostrophes in the first place when that is probably built-in to whatever library you use. I'm legitimately interested, if you wouldn't mind following-up with a reply at some point. The answer is probably to the heart of why SQL injection continues to be an issue.
