Former Patent Litigator Becomes Federal Judge And Begins Advertising For Patent Trolls To Come To His Court (And They Have In Droves)

For years, you may recall that we would write about the insane nature of forum shopping for patent trolls, in which the trolls would flock to the federal courts in East Texas. Going back nearly 15 years, we wrote about how East Texas courts became grand central for patent troll cases, leading to all sorts of sketchy behavior. There are a bunch of empty office buildings set up in small Texas cities (mainly Marshall and Tyler) just to “pretend” to have offices there. Companies engaged in many patent cases started to try to suck up to residents of those small cities, in case they might be on a jury. TiVo literally bought a “Grand Champion Steer” just weeks before a jury was set to rule on a massive TiVo trolling case. Samsung threw so much money at the local “Stagecoach Days” event that it was renamed “Samsung Stagecoach Days,” and built a Samsung ice rink right next to the courthouse in Marshall.

For years, people pressured Congress to fix this mess, but instead, the Supreme Court finally stepped in, with the TC Heartland ruling, and said that the proper jurisdiction should be where defendants actually are incorporated. Of course, this seemed to have the reverse effect — as companies no longer want to be in East Texas. Apple shut down its stores there to avoid the jurisdiction.

Of course, if you thought that the judges would go quietly, you’d be wrong. It’s always felt like a few judges in East Texas loved the reputation they’d built up as being super friendly to patent trolls. For a while it was Judge T. John Ward. And when he left the bench (to become a patent lawyer, natch), Judge Rodney Gilstrap stepped into the gap he left. He even tried to ignore the Supreme Court’s TC Heartland decision (though the Federal Circuit appeals court was not impressed).

However, as Patent Progress notes, there’s a new judge vying to be at the top of the patent troll’s Christmas list, and he’s in West Texas. Judge Alan Albright, a former patent litigator, was appointed to the bench in 2018 — and he literally went on a tour to convince companies to bring patent cases in his court:

U.S. District Judge Alan Albright and attorneys who predicted last year that Waco’s federal court would become a hotbed of patent and intellectual property litigation missed their prediction just a bit.

With Albright traveling the country drumming up business and patent attorneys spreading the word that Waco’s new federal judge, a longtime patent litigator, will provide the expertise to create an efficient and welcoming environment in Waco, the response in the past year actually exceeded those predictions.

Since Albright took office in September 2018, more than 250 patent cases have been filed in the federal Western District of Texas, which includes Waco. That total eclipses the number for the previous four years combined and has made the Western District among the busiest in the country for patent cases.

[…]

Source: Former Patent Litigator Becomes Federal Judge And Begins Advertising For Patent Trolls To Come To His Court (And They Have In Droves) | Techdirt

Ring glitch results in global ding dong ditch: Doorbells keep going off with no one pushing them.

Amazon-owned smart home appliance maker Ring has won the world record for biggest game of “ding dong ditch” after a software glitch broadcast erroneous doorbell chimes to countless users yesterday.

The global game of Ring and run (as it’s known in the US) coincided with software issues that prevented owners from viewing archived footage or receiving push notifications. Customers in markets including the UK and US were believed to be affected.

The Timely Information Transmission Suffered Unpredictable Ping-time (TITSUP) led some to believe that Ring’s systems were being targeted deliberately by a malicious third party. “Are the Ring doorbells being hacked? Mine are going off non-stop,” tweeted one confused punter.

“You’re [sic] network has been down for hours. Now I am getting phantom ‘rings’ and it’s driving my Great Dane crazy,” complained another.

Your humble hack also experienced the glitch when a random chime from his overpriced doorbell disturbed a post-work nap. More accurately, it startled his dogs, who then leapt onto his chest.

Speaking to El Reg, Ring’s Europe head of communications, Claudia Fellerman, confirmed the problem and said it has since been fixed.

“Our processing infrastructure was running behind which caused some delays in receiving in-app notifications and Chime motion and ding notifications. However, this has been resolved,” she said.

According to Ring’s status page, no user data was lost, and a fix was applied by late evening. The company warned that users may encounter delayed chimes and notifications while the back-end catches up.

Ring also urged punters to check the battery levels on their devices as the outage may have caused a higher-than-usual power drain.

Source: Ring glitch results in global ding dong ditch: Doorbell bling flings out random pings but they’re not the real thing • The Register

Yay cloud!

Tokyo Stock Exchange breaks new record. Sadly, not a good one… its longest ever outage

Tokyo’s Stock Exchange (TSE) went offline for most of Thursday, its longest-ever outage and a very unwelcome one as it is the world’s third-largest bourse, when measured by market capitalisation.

The exchange yesterday morning posted news that “a technical glitch occurred to distribution of market data,” and the market therefore stopped all trading. Later in the day the bourse also took down its after-hours trading platform, ToSTNeT, and then issued warnings that some market data distributed to investors was invalid.

The exchange explained the cause of the outage in a statement that said it experienced “hardware failure,” followed by a failure-to-failover.

The statement continued: “the switchover from the failed device to the backup device did not work properly, and as a result, market information could not be distributed.”

Which sounds very like someone hasn’t run a disaster recovery simulation for a while.

While the exchange thought it could replace the hardware and resume trading, doing so would have required a reboot that it felt “would cause confusion for investors and market participants, which would make it difficult to execute smooth trading.”

After talks with stakeholders, it was decided to just give up on the day and resume on Friday. At the time of writing – a few minutes after Friday’s opening bell – that plan appears to have worked.

The exchange has apologised for the outage, and taken responsibility for the situation, and also made it plain that the mess was the result of its own mistakes and key technology provider Fujitsu was not at fault.

Fujitsu promotes TSE’s use of “approximately 200” of its Primergy servers and the Primesoft in-memory data management software.

That combo can apparently handle 100 million orders a day, at a rate of 1.4 million orders per minute, all with a transaction time of 300 microseconds apiece. Well, sometimes.

Fujitsu has reportedly apologised for its role in the outage.

The exchange continues to do so at every opportunity, with its notification that it expects normal trading today ending with: “We would like to express our sincerest apologies for the inconvenience caused by the system failure of Tokyo Stock Exchange, and we would like to ask for your continued support and cooperation in the operation of the market.”

Source: Tokyo Stock Exchange breaks new record. Sadly, not a good one… its longest ever outage • The Register

US govt wins right to snaffle Edward Snowden’s $5m+ book royalties, speech fees – and all future related earnings

The US government’s Department of Justice has won its multi-million-dollar claim to Edward Snowden’s Permanent Record book royalties as well as any future related earnings.

A federal district court in eastern Virginia this week ruled that Uncle Sam was entitled to the proceeds of Snowden’s bestseller, an estimated $5.2m, and “any further monies, royalties, or other financial advantages derived by Snowden from Permanent Record.” It can also grab Snowden’s appearance fees from 56 speeches, thought to exceed $1m.

The court came to this conclusion after deciding Snowden broke his non-disclosure agreements with the NSA and CIA. It noted the super-leaker did not offer up his book for a review by official censors nor did he clear speeches on intelligence matters with the US government as required by his employment contract from the time he worked for Uncle Sam.

“The United States’ lawsuit did not seek to stop or restrict the publication or distribution of Permanent Record,” the Dept of Justice’s spokespeople said on Thursday of the decision.

“Rather, under well-established Supreme Court precedent, Snepp v. United States, the government sought to recover all proceeds earned by Snowden because of his failure to submit his publication for pre-publication review in violation of his alleged contractual and fiduciary obligations.”

That the US government would crack down on Snowden is hardly unexpected. Officials filed suit in September 2019 to claim a cut of Snowden’s public persona on the grounds he broke his agreement with the No Such Agency by going public.

“Edward Snowden violated his legal obligations to the United States, and therefore, his unlawful financial gains must be relinquished to the government,” said Deputy Attorney General Jeffrey Rosen.

“As this case demonstrates, the Department of Justice will not overlook the wrongful actions of those who seek to betray the trust reposed in them and to personally profit from their access to classified national security information.”

Source: US govt wins right to snaffle Edward Snowden’s $5m+ book royalties, speech fees – and all future related earnings • The Register

Wow, apparently these employment contracts are more like permanent indenture – last I looked, Snowden wasn’t exactly in the employ of the NSA any more… in as much as he was ever as a contractor…

Grindr security flaw let anyone take over any accounts easily

Grindr, one of the world’s largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address.

Wassime Bouimadaghene, a French security researcher, found the vulnerability and reported the issue to Grindr. When he didn’t hear back, Bouimadaghene shared details of the vulnerability with security expert Troy Hunt to help.

The vulnerability was fixed a short time later.

Hunt tested and confirmed the vulnerability with help from a test account set up by Scott Helme, and shared his findings with TechCrunch.

Bouimadaghene found the vulnerability in how the app handles account password resets.

To reset a password, Grindr sends the user an email with a clickable link containing an account password reset token. Once clicked, the user can change their password and is allowed back into their account.

But Bouimadaghene found that Grindr’s password reset page was leaking password reset tokens to the browser. That meant anyone could trigger the password reset who had knowledge of a user’s registered email address, and collect the password reset token from the browser if they knew where to look.

Secret tokens used to reset Grindr account passwords, which are only supposed to be sent to a user’s inbox, were leaking to the browser. (Image: Troy Hunt/supplied)

The clickable link that Grindr generates for a password reset is formatted the same way, meaning a malicious user could easily craft their own clickable password reset link — the same link that was sent to the user’s inbox — using the leaked password reset token from the browser.

With that crafted link, the malicious user can reset the account owner’s password and gain access to their account and the personal data stored within, including account photos, messages, sexual orientation and HIV status and last test date.

“This is one of the most basic account takeover techniques I’ve seen,” Hunt wrote.
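
The flaw described above, shown as a server-side pattern next to a hardened version, with a regression check that a reset response never carries a mailed token. This is an added example, not Grindr's code or anything from the original article; the in-memory stores, the `reset_token` response field and the `app.example` link format are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed in-memory stand-ins for the user table, token store and mail queue.
USERS = {"alice@example.com"}
RESET_TOKENS = {}  # sha256(token) -> email; the raw token is never stored
OUTBOX = []        # (recipient, reset_link) pairs "sent" by email
RESET_URL = "https://app.example/reset?token={token}"  # hypothetical link format


def _issue_token(email):
    """Create a random token, keep only its hash, and mail the link."""
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = email
    OUTBOX.append((email, RESET_URL.format(token=token)))
    return token


def request_reset_leaky(email):
    """Flawed pattern: the inbox-only secret is echoed back to the requester."""
    if email not in USERS:
        return {"status": "unknown_account"}
    return {"status": "sent", "reset_token": _issue_token(email)}


def request_reset_fixed(email):
    """Hardened: the token travels only by email and the reply is uniform."""
    if email in USERS:
        _issue_token(email)
    return {"status": "if_the_account_exists_an_email_was_sent"}


def redeem(token):
    """Single use: a valid token is the only proof of inbox control."""
    return RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)


def response_leaks_token(response):
    """Regression check: does any mailed token also appear in the response?"""
    mailed = [link.split("token=", 1)[1] for _, link in OUTBOX]
    return any(token in repr(response) for token in mailed)
```

Running `response_leaks_token` against every reset-related endpoint in an integration test catches this class of bug before release.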