Teelie
We have Weird News, Stupid News, Abuse of Power News, Good News, and for however long it lasts, Gun News but not news for when something doesn't quite fit in one category or in these cases, too many of them.
Pirates hack into shipping company’s servers to identify booty
Yep. Actual true, for real pirates. Not the vaguely defined internet kind either. Real ones. With guns and everything.
The idea behind this is right. Knowing what is where out in the vast ocean is a great thing. Lackluster or nonexistent security and poor management make the reality horrifying. Such as when pirates break into your homebrewed management software and find out where all the expensive goodies are.
Ars Technica:
When the terms "pirate" and "hacker" are used in the same sentence, usually it's a reference to someone breaking digital rights management on software. But that wasn't the case in an incident detailed in the recently released Verizon Data Breach Digest report, unveiled this week at the RSA security conference. Verizon's RISK security response team was called in by a global shipping company that had been the victim of high-seas piracy aided by a network intrusion.
The shipping company experienced a series of hit-and-run attacks by pirates who, instead of seeking a ransom for the crew and cargo, went after specific shipping containers and made off with high-value cargo.
"It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved," the RISK team recounted in the report. "They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident."
The targeted nature of the attack made it clear to the shipper that the pirates were somehow getting intelligence directly from their computer systems. The response team discovered that the company used a "homegrown" Web-based content management system (CMS) to manage bills of lading for their cargo ships. An examination of network traffic to the CMS revealed a Web shell script had been uploaded to the server through a vulnerability in the software. The shell script backdoor gave attackers remote access to the server, allowing the upload and download of files—in this case, specifically downloading the bills of lading for the company's ships. The attackers had compromised a number of system passwords in the process as well.
However, the attackers made a number of mistakes. The shell script used straight HTTP rather than taking advantage of the site's SSL encryption—so the contents of the traffic were easily discovered by packet captures. "We were ultimately able to capture every command the threat actors issued, which painted a very clear picture," the RISK team wrote. "These threat actors, while given points for creativity, were clearly not highly skilled. For instance, we found numerous mistyped commands and observed that (they) constantly struggled to interact with the compromised servers."
While they had managed to get initial access to a number of servers, the attackers weren't able to install shell scripts on them because of a network security appliance. Ultimately their activities were limited to the server they had initially gained access through.
But their most damning mistake? "The threat actors also showed a lack of concern for their own operational security by failing to use a proxy and connecting directly from their home system," the RISK team noted. The shipping company shut down the server to fix the vulnerability, and they then blocked the IP address of the pirate's hacker—ending the targeted attacks.
Patent battle over LARPer’s foam arrows heats up
This is just funny as all get out to me. These are people who take their role playing so seriously there are now companies going to court over it. I get that these businesses want to profit off them but this is getting out of hand.
Ars Technica:
Two rivals in the unusual business of selling foam arrows have failed to settle their dispute over patents and trademarks, and the lawsuit between them is moving forward rapidly.
Defendant Jordan Gwyther has said that the litigation could threaten the future of his favorite hobby: live action role-playing, or "LARPing." Gwyther and his fellow LARPers recreate medieval battles, wearing armor and using foam weapons to stage fights in local fields and parks.
Gwyther runs a community website for LARPers called Larping.org and has a side business selling foam-tipped arrows that are popular with LARPers. He got sued in October by a company called Global Archery, which claims that Gwyther's arrows business violates two patents it owns and also illegally uses its trademark. Last month, Gwyther, strapped for cash, went public with the dispute. He made a video asking for support on GoFundMe.
That led Global Archery to ask the judge for a "gag order" that would prevent Gwyther from talking about the case. At that point, the Electronic Frontier Foundation stepped in, filing an amicus brief stating the group's position that Gwyther has a First Amendment right to talk about the litigation, as well as to ask for help.
Now the litigation is moving forward at a rapid clip, despite the fact that Global Archery's founder, John Jackson, made a settlement offer in which Gwyther wouldn't have to pay him anything. Ars spoke to both Jackson and Gwyther about their views on that offer, and the escalating legal brawl between them.
“Targeting our customers”
In an interview with Ars, Jackson said he decided to sue Gwyther because he started hearing about Gwyther from his own customers.
"We started getting contacted by our licensees," Jackson said. "They were saying, 'Who's Larping.org? He's contacting us and trying to sell us arrows.' Well, that didn't set too well with us," Jackson said.
Jackson doesn't believe that Gwyther should be allowed to speak to his customers and tell them he has a better product.
"When you’re a commercial enterprise, and you say our product is better than yours, that is false and misleading," said Jackson. "You can’t do that in commercial advertising. That would be like me selling tennis shoes by saying they're better than Nike."
When I asked Jackson how that wasn't simply legitimate business competition, he said that claiming one's product is better than a competitor's, "without proof," is false advertising.
"If he’s in the Larp community, why does he need to go after my customers?" asked Jackson. "These are people who have already got a business relationship with us."
He also thinks Gwyther shouldn't be allowed to buy Google ads based on his company's name. The practice of buying trademarked keywords in search engines has been litigated for more than a decade now, and trademark owners who take Jackson's position—that purchasing ads based on competitors' names is "infringement"—nearly always lose, a pattern documented exhaustively by Santa Clara Law Prof. Eric Goldman. Still, Jackson believes it shouldn't be allowed.
"He's targeting our customers, and targeting our brand," said Jackson. "He's using [our name] as keywords for his advertising. That's not right.
"We’re not some money hungry corporation. This is not who we are. We've taken combat archery, made it family friendly, and something the whole family can enjoy."
Licenses vs. sales
Jackson made Gwyther an offer he viewed as a generous one: he'd drop the lawsuit and not ask for any money damages, if Gwyther followed 10 conditions. Gwyther would be allowed to continue to sell his arrows, which he imports from a German company, but would need to stop "target[ing] any of Global's licensees through direct marketing including e-mails and cold calls." He would also have to take down his YouTube video and stop talking to the press or making any public statements about the dispute.
In other words: stop competing with us and stop talking about it. For Gwyther, the settlement is no generous offer at all. He rejected the offer.
"There are stipulations in there I don't believe any court would grant him, like that I would not 'directly target' any licensees," he told Ars in an interview. "What if I get a referral and it's one of their licensees, and I e-mail them? Would I have to look it up every time? It makes it impossible to do anything."
Referrals are the basis of Gwyther's business, and there aren't that many groups using foam-tipped arrows, he said. They tend to know each other. He doesn't like the conditions that would keep him silent about the situation, either.
"It feels like an attempt to get a gag order without a gag order," he said. "This lawsuit has turned my life upside down. I've been inundated with worries. How am I going to pay for this?"
Jackson says he's amazed Gwyther won't accept his ten conditions, which are now listed on Gwyther's GoFundMe page. In a written statement, Jackson said:
"To our shock and disbelief, Mr. Gwyther rejected our offer, stating that our offer is too restrictive because he believes that he should be able to continue to use our federally registered trademark Archery Tag®, and to be allowed to continue to directly market to Global Archery’s Licensed Archery Tag® providers. One has to wonder about Mr. Gwyther’s true intentions."
At its root, the conflict is between two different personalities and also widely different business models. Global Archery licenses its business to summer camps, church groups, and companies. In exchange for an annual fee, the company provides not just arrows but bows, targets, and other equipment. The company also replaces worn-out gear. The fees can range from a few thousand dollars up to $10,000, depending on how much equipment is desired, according to Jackson. If a company stops paying the franchise fee, they have to give back their equipment.
Gwyther's business is simpler, and cheaper. He just sells the arrows. They cost between $15 and $17 each, and a typical order is between 60 and 90 arrows.