Paul Roberts

From Sony’s DRM Rootkit to CarrierIQ: Why Commercial Rootkits Make Us So Mad

The half life of the CarrierIQ “rootkit” scandal proved to be a little more than a week. That’s about how long it took for Trevor Eckhart, a young, Connecticut-based Android developer to begin raising questions about some stealth software he discovered running on Android phones by HTC and speculation in the media and online to run rampant about what kinds of spying said software might be engaged in. It was time enough for CarrierIQ to issue a lawyer letter threatening to sue the Eckhart and the Electronic Frontier Foundation to come to his defense and even for Congress to get involved – each of which ensured even more news cycles would be taken up with the mini-controversy. And it was time, at long last, for more information to become available about what was really going on with CarrierIQs software, and for cooler heads to prevail on both sides. The question, now, is why incidents like this provoke our anger so – and what we can do to stop them from happening again. 

Microsoft Research: Spammers Act Just Like HIV Virus In Avoiding Filters

Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. (Thus, our use of the terms “virus,” and “worm.”) Now it turns out that the links may not be so arbitrary, after Microsoft researchers discovered that tools they developed to detect spammers’ efforts to avoid anti-spam filters were also great at spotting mutations in the HIV virus.


In the wake of a highly visible hack of its network infrastructure, a spokeswoman for the United Nations Development Programme (UNDP) says that hackers from the group TeamP0ison compromised an unpatched server and that e-mail addresses and account passwords exposed in the attack were outdated. 

Customers of the Lucky supermarket chain in California were feeling rather unlucky last week, after receiving notice from parent company Save Mart Supermarkets said that self-service checkout lines in 20 of its stores were found to have debit and credit card readers that had been outfitted with card skimmers.

When CrowdOptic, a Silicon Valley, venture funded startup, developed a cool application that could stream real-time, context-aware information streams to mobile devices, the applications seemed straight-forward (and lucrative) enough: a blend of advertising and broadcasting that sports franchises and concert promoters might use to create an enhanced and “immersive experience” for fans attending live events. Along the way, however, the company discovered another, even more powerful use for their technology: crowd control.

Siemens said on Tuesday that it is working with the U.S. Department of Homeland Security to investigate a cyber intrusion into a water treatment plant in South Houston, Texas, but couldn’t confirm that a default, three digit password hard coded into an application used to control the company’s SCADA software played a role.