On Monday, the scales of justice will tip one way or the other in the Bilski business-method patent case. The Supreme Court is scheduled to wrap up its current term June 28th with only four outstanding decisions remaining. Barring an order for re-arguments in the case next term, the technology patent landscape may significantly shift with this decision. At stake is whether mental-process patents such as those currently held by technology companies, researchers, and other innovators are actually patentable. Since the State Street Bank case in 1998 removed the physical change or machine test in patents, a flood of patents has been issued for software, biomedical, and technology ideas. As discussed in my earlier blog post, upholding the lower court's decision to reinstate the physical change or machine test throws all existing and future technology patents into turmoil.
Keep your eyes on the Court's website for the latest decisions.
UPDATE: Apologies for the delay, here is the decision.
** I am an attorney with a firm in Atlanta, GA, contributing as a guest blogger on behalf of Errata Security. These are just my personal views and thoughts, not intended to reflect the views of anyone else nor intended to provide advice, legal or otherwise.
Thursday, June 24, 2010
Supreme Court Bilski Decision Watch - Coming Monday?
Posted by
Elizabeth Wharton
Labels:
bilski,
intellectual property,
law,
legal,
patents,
software patents,
supreme court,
technology
Wednesday, June 16, 2010
iPad hack vs. OWASP Top 10
Posted by
Robert David Graham (@ErrataRob)
Which of the "OWASP Top 10" was responsible for the iPad AT&T hack? The answer is: "none of them". It's an "information leakage" problem, something I would include in my top 10 list, but which is missing from OWASP's list.
OWASP is an organization that helps secure websites by teaching developers to avoid common web app vulnerabilities like "SQL injection" and "cross site scripting". They have a pretty good list of what they consider the "Top 10" vulnerabilities.
But the AT&T iPad registration vulnerability, "information leakage", isn't on their list. In my experience, it should be. In our pentests into websites, "information leakage" is one of the most common problems we find. In their book "The Web Application Hacker's Handbook", authors Stuttard and Pinto also include "information leakage" as one of their top 5 web application vulnerabilities.
Monday, June 07, 2010
Cyberwar is fiction
Posted by
Robert David Graham (@ErrataRob)
I'm reading various articles about Russia's proposal, with support from the UN, for a "cyberwarfare arms limitation treaty". What astounds me is that nobody seems to realize that "cyberwarfare" is a fictional story, and that "arms" in cyberspace don't exist.
"Cyberwar" and "cyberweapons" are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and the tools hackers use are nothing like weapons. Putting "cyber" in front of something is just a way for people to grasp technical concepts; the analogies quickly break down and are useless when taken too far (such as a "cyber disarmament treaty"). Unfortunately, it's the clueless people who believe in these analogies that are driving national policy.
Labels:
cyberwar,
disarmament,
exploit
Friday, June 04, 2010
Microsoft has good security, but it's not enough
Posted by
Robert David Graham (@ErrataRob)
Google (reportedly) says that because of security, it is replacing Windows desktops with Macintoshes and Linux computers. Microsoft replies, claiming that Windows is the most secure operating system. Both are right.