888.4.NATNET
Facebook Twitter LinkIn Blog Instagram YouTube Google Plus

Monthly Archives: October 2014

21
Oct
2014

Tech Taking over the Way Patents Work With USPTO Appointment

by Bill

patent troll

 

For the last several years there has been a significant rift between sectors seeking to mold the way Intellectual Property is protected in the United States. Traditionalists from the Pharmaceutical and Publishing industries have pushed hard to maintain the status quo, while forward thinking tech firms have sought to revamp the system after facing an onslaught of frivolous lawsuits by patent trolls seeking to misuse the patent system for profiteering rather than idea protection.

At the heart of the debate is the notion of whether or not an idea itself should be enough to earn a patent, or must the idea actually be put to use in a meaningful way before it becomes worthy of governmentally enforced legal protection.

Decades ago a product would come to market and earn a patent after years of R&D with significant expense necessary to make it viable. In the modern tech world, companies like Intellectual Ventures have made a patenting raw ideas the core element of their business plan. Rather than spending time, money or other resources on developing ideas for the marketplace – they simply patent the idea itself, put it on the shelf, and then use the court system to sue anyone who does anything that infringes on their patent in the future.

The result is a system that actually hampers innovation rather than fostering it according to many patent-reform advocates. Whereas a patent used to be used to safeguard a new innovation from being stolen or co-opted by copycats, the maze of patents that exist on virtually every vague aspect of modern tech now make it unfeasible for a start-up to launch new services or products without an expensive army of lawyers carving out breathing room from a mountain of “paper patents” that cover ideas which are not seen anywhere but on the documentation filed to secure them.

This environment has led to billion dollar lawsuits back and forth between monolithic tech giants of industry, confusion over what is or is not patentable, vague overreaching patents being issued that are against consumer interests and a bitter lobbying war that has caused Congressional inaction and allowed the directorship of the U.S. Patent and Trademark Office (USPTO) to remain vacant for nearly two years.

Now Ms. Michelle Lee, the current Deputy Director of the USPTO is being nominated by the Obama administration to take over the top job and it appears she is destined to be approved by Congress. Her impeccable credentials include a master’s degree from MIT in electrical engineering and computer science and a JD from Stanford Law School. She spent five years working as a patent attorney for Fenwick & West, nine years as Google’s deputy general counsel, additional time as the head of the USPTO’s Menlo Park office and was appointed deputy director of the agency in December of 2013.

Some believe she is too loyal to Google as her former employer, many say much will remain unchanged no matter who runs the USPTO, but there is almost unanimous agreement among the tech sector that things would be far worse if a director with ties to Pharma and other traditionalist sectors had been appointed instead.

Share and Enjoy
  • Print
  • Facebook
  • Twitter
  • Add to favorites
  • RSS
  • Google Bookmarks
  • Technorati
  • Yahoo! Buzz
06
Oct
2014

Undetectable BadUSB Exploit Released Into the Wild

by Bill

USB virusBadUSB, a thus far undetectable and unstoppable means of delivering malware via the ubiquitous USB port, was first announced to the world in July by Karsten Nohl, a researcher with SR Labs, who discovered that it’s possible to load malware onto any USB device. Bad USB hides not in the flash memory of the device, but in the firmware that controls the device’s basic function, allowing the malicious code to remain hidden, outside of the reach of malware-detection regimes and immune to any conceivable software patch.

At the demonstration, Nohl and his research partner, Jakob Lell, showed that it wasn’t merely a problem limited to thumb drives, that any device that interfaced with a USB could be corrupted, from mice and keyboards to smartphones, and once a BadUSB device is connected to a computer, the tasks that can be performed is virally limitless, from software replacement, initiation of commands, or hijacking internet traffic, basically anything that a keyboard can do, and that is to say nearly everything the computer can do, can be controlled by malware piggybacked in the USB device’s firmware.

Confirming that a USB devices firmware has not been tampered with is nearly impossible, and thus far manufacturers have resisted implementing safeguards. A pair of enterprising hackers, Adam Caudill and Brandon Wilson, reverse-engineered BadUSB, and demonstrated it last week at the Derbycon hacker conference, further they published the code of their USB firmware hack on Github – officially releasing it into the wild.

At their presentation, Caudill said that the reason they got involved with this reverse-engineering project was SR lab’s reticence to publish the exploit themselves, stating “This was largely inspired by the fact that they didn’t release their material. If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

For now, all USB devices should be treated as suspect, as the BadUSB exploit works from USB to computer and from computer to USB device, making any USB that has ever been used in a not known clean device a potential vector of attack.

In order to prevent USB devices’ firmware from being rewritten as accomplished by BadUSB, their security architecture would need to be completely redesigned, and with literally millions upon millions of USB devices in circulation, BadUSB has the makings of a truly catastrophic malware epidemic.

Share and Enjoy
  • Print
  • Facebook
  • Twitter
  • Add to favorites
  • RSS
  • Google Bookmarks
  • Technorati
  • Yahoo! Buzz
NationalNet, Inc., Internet - Web Hosting, Marietta, GA
Apache Linux MySQL Cisco CPanel Intel Wowza