qubezz writes: Security researcher Phar (Mike Davis/IOActive) gave his 30 days of disclosure notice to Cyberlock (apparently a company that makes electronic lock cylinders) that he would release a public advisory on vulnerabilities he found with the company's security devices. On day 29, their lawyers responded with a request to refrain, feigning ignorance of the previous notice, and invoking mention of the DMCA (this is not actually a DMCA takedown notice, as the law firm is attempting to suppress initial disclosure through legal wrangling). Mike's blog states: "The previous DMCA threats are from a company called Cyberlock, I had planned to do a fun little blog post (cause i ... hate blog posts) on the fun of how I obtained one, extracted the firmware bypassing the code protection and figured out its "encryption" and did various other fun things a lock shouldn't do for what its marketed as.. But before I could write that post I needed to let them know what issues we have deemed weaknesses in their gear.. the below axe grinderery is the results. (sic)" What should researchers do when companies make baseless legal threats to maintain their security-through-obscurity? Related: Bitcoin exchange company Coinbase has been accused of spying on a dark net researcher.
I'll take the RED pill.
ananyo writes "The species of alga that causes 'brown tides' in the United States and South Africa is also to blame for massive blooms along China's east coast on the Bohai Sea, researchers have found. The finding could be the first step to tackling the problem. It is the fourth consecutive year the country has been hit by the bloom (Slashdot's story on the 2010 bloom), with the situation worsening each time the bloom returns."
An anonymous reader writes "Nokia is worried that networks may reject selling the N900 because it won't allow them to mess with the operating system. Nokia has previously showed the N900 running a root shell and it appears to use the same interface for IM and phone functions. Meanwhile, Verizon is claiming that 'exclusivity arrangements promote competition and innovation.' Is it too late to explain to people why $99+$60/month is not better than $600+$20/month?"
GBJ writes "I work for an organisation that runs seasonal online competition events. Each event has its own news feed which becomes obsolete shortly after the event finishes. We're still getting RSS requests for some events as far back as 2004. I'd like to close a few thousand old feeds and remove the resource hit they cause, but I'm not sure what is the best approach. Currently I'm considering just returning a 404, but I have no idea if there is a better way to handle this. Uncle Google hasn't turned anything up yet, but sometimes it's hard to find something when you don't know what it's called ..."