Publisher’s Spotlight: The Zero Day Initiative (ZDI): Financially Rewarding InfoSec Researchers


Formed by Trend Micro, the Zero Day Initiative (ZDI) was created to encourage the private reporting of 0-day vulnerabilities to the affected vendors by financially rewarding researchers. At the time, there was a perception by some in the information security industry that those who find vulnerabilities are malicious hackers looking to do harm. Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who discover new flaws in software.

Incorporating the global community of independent researchers also augments their internal research organizations with the additional zero-day research and exploit intelligence. This approach coalesced with the formation of the ZDI, launched on July 25, 2005.

Today, the ZDI represents the world’s largest vendor-agnostic bug bounty program. Its approach to acquiring vulnerability information differs from other programs: no technical details concerning the vulnerability are published until the vendor has released a patch.

One of their cool events is Pwn2Own, held in multiple countries – here’s their recent scoreboard from their Vancouver, Canada event:

[Image: Pwn2Own Vancouver scoreboard]

Contestants disclosed 27 unique zero-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, Synacktiv (@Synacktiv), for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3:

[Image: Synacktiv, Masters of Pwn at Pwn2Own Vancouver]

They do not resell or redistribute the vulnerabilities that are acquired through the ZDI. Submitting through the ZDI program also relieves you from the burden of tracking the bug with the vendor. They make every effort to work with vendors to ensure they understand the technical details and severity of a reported security flaw, which leaves researchers free to go find other bugs. They will let you know where things stand with all your own current cases with regards to vendor disclosure. In no cases will an acquired vulnerability be “kept quiet” because a product vendor does not wish to address it.

Interested researchers provide them with exclusive information about previously un-patched vulnerabilities they have discovered. The ZDI then collects…


The National Security Bill and the press: a threat to reputable news publishers, an open door for foreign interference?


By Nathan Sparkes

The National Security Bill is intended to protect the UK from “foreign powers” and has been described as an anti-spying bill.

However, national security legislation often poses a threat to journalists’ ability to do their jobs – and this bill is no different.

A threat to press freedom

The most concerning part of the Bill for UK-based journalists is Clause 3, which states:

Assisting a foreign intelligence service

(1) A person commits an offence if the person—

(a) engages in conduct of any kind, and

(b) intends that conduct to materially assist a foreign intelligence service in carrying out UK-related activities.

(2) A person commits an offence if the person—

(a) engages in conduct that is likely to materially assist a foreign intelligence service in carrying out UK-related activities, and

(b) knows, or ought reasonably to know, that it is reasonably possible their conduct may materially assist a foreign intelligence service in carrying out UK-related activities.

(3) Conduct that may materially assist a foreign intelligence service includes providing, or providing access to, information, goods, services or financial benefits (whether directly or indirectly).

The penalty for this offence is imprisonment for up to 14 years, or a fine.

Reporters sometimes publish information which may assist a foreign intelligence service, yet its disclosure is in the public interest.

For example, the publication of data on unethical activities by UK intelligence services might both assist foreign intelligence services and be something the UK public has a legitimate interest in knowing.

Some outlets, like the IMPRESS-regulated Declassified UK, specialise in reporting on alleged cases of unethical conduct committed by UK intelligence, diplomatic or military agencies.

It would be a significant threat to the freedom of the press if this provision was used to target Declassified UK and other, similar publishers acting in the public interest.

Unjustified exemptions

Alongside this heavy-handed provision, for which there is no defence for news publishers, other provisions in the bill benefit from a media exemption.

These provisions require individuals or organisations to register with the…


Internet Archive Responds To Publishers Lawsuit: Libraries Lend Books, That’s What We Do

Last month, we wrote about the big publishers suing the Internet Archive over its Controlled Digital Lending (CDL) program, as well as its National Emergency Library (NEL). As we’ve explained over and over again, the Internet Archive is doing exactly what libraries have always done: lending books. The CDL program was structured to mimic exactly how a traditional library works, with a 1-to-1 relationship between physical books owned by the library and digital copies that can be lent out.

While some struggled with the concept of the NEL, since it was basically just the CDL but without the 1-to-1 relationship (and thus, without wait lists), it seemed reasonably defensible: nearly all public libraries at the time had shut down entirely due to the COVID-19 pandemic, and the NEL was helping people who otherwise would never have had access to the books that were sitting inside libraries, collecting dust on the inaccessible shelves. Indeed, plenty of teachers and schools thanked the Internet Archive for making it possible for students to still read books that were stuck inside locked up classrooms. But, again, this lawsuit wasn’t just about the NEL at all, but about the whole CDL program. The publishers have been whining about the CDL for a while, but hadn’t sued until now.

Of course, the reality is that the big publishers see digital ebooks as an opportunity to craft a new business model. With traditional books, libraries buy the books, just like anyone else, and then lend them out. But thanks to a strained interpretation of copyright law, when it came to ebooks, the publishers jacked up the price for libraries to insane levels and kept putting more and more conditions on them. For example, Macmillan, for a while, was charging $60 per book — with a limit of 52 lends or two years of lending, whichever came first. And then you’d have to renew.

Basically, publishers were abusing copyright law to try to jam down an awful and awfully expensive model on libraries — exposing how much publishers really hate libraries, while pretending otherwise.

Anyway, the Internet Archive has filed its response to the lawsuit, which does the typical thing of effectively denying all of the claims in the lawsuit (though I will admit that I chuckled to see them even “deny” the claim that the Archive’s headquarters are in an “exclusive” part of San Francisco (FWIW, I’d probably describe the area more as “not easily accessible by public transit,” but that doesn’t quite make it exclusive — or at least not any more exclusive than most of the rest of SF)).

The Internet Archive admits that its headquarters are located in San Francisco, but denies that the corner of Funston and Clement Streets is an “exclusive area.”

The key part, of course, will be the defenses, and as expected the Internet Archive throws everything in starting with fair use, failure to state a claim, first sale, DMCA safe harbor, and statute of limitations and laches. The key ones are going to be fair use and the first sale issue. And the response lays out the basics of how this defense is going to be argued:

The Internet Archive does what libraries have always done: buy, collect, preserve, and share our common culture. In furtherance of that mission, the Internet Archive has received grant funding from the National Endowment for the Humanities, the National Science Foundation, and the federal government’s Institute of Museum and Library Services, among many other sources. Many libraries and archives, including the Library of Congress, Boston Public Library, University of Illinois at Urbana-Champaign, and smaller community libraries like the Allen County Public Library trust the Internet Archive to digitize books and other materials in their collections in order to preserve physical texts and to facilitate public access. The Internet Archive is part of a network of libraries around the world—each of which is using digital technologies to meet the many challenges of serving patrons with diverse needs and differing abilities and to ensure that the growing storehouse of human creativity is not lost because no one has the capacity to preserve it.

Like Plaintiffs, the Internet Archive believes that “[b]ooks are a cornerstone of our culture and system of democratic self-government” and “play a critical role in education.” Accordingly, democratizing access to information, and facilitating access to books in particular, has been a core part of the Internet Archive’s mission for decades. But, for many people, distance, time, cost, or disability pose daunting and sometimes insurmountable barriers to accessing physical books. Digitizing and offering books online for borrowing unlocks them for communities with limited or no access, creating a lifeline to trusted information. Readers in the Internet age need a comprehensive library that meets them where they are—an online space that welcomes everyone to use its resources, while respecting readers’ privacy and dignity.

[….]

The Internet Archive has made careful efforts to ensure its uses are lawful. The Internet Archive’s CDL program is sheltered by the fair use doctrine, buttressed by traditional library protections. Specifically, the project serves the public interest in preservation, access and research—all classic fair use purposes. Every book in the collection has already been published and most are out of print. Patrons can borrow and read entire volumes, to be sure, but that is what it means to check a book out from a library. As for its effect on the market for the works in question, the books have already been bought and paid for by the libraries that own them. The public derives tremendous benefit from the program, and rights holders will gain nothing if the public is deprived of this resource.

During the early days of the COVID-19 crisis, in response to urgent pleas from teachers and librarians whose students and patrons had been ordered to stay at home, the Internet Archive decided to temporarily permit lending that could have exceeded the one-to-one owned-to-loaned ratio. With millions of print books locked away, digital lending was the only practical way to get books to those who needed them. The Internet Archive called this program the “National Emergency Library” and planned to discontinue it once the need had passed. Twelve weeks later, other options had emerged to fill the gap, and the Internet Archive was able to return to the traditional CDL approach.

Contrary to the publishers’ accusations, the Internet Archive and the hundreds of libraries and archives that support it are not pirates or thieves. They are librarians, striving to serve their patrons online just as they have done for centuries in the brick-and-mortar world. Copyright law does not stand in the way of libraries’ right to lend, and patrons’ right to borrow, the books that libraries own.

In a blog post about this, Internet Archive Founder Brewster Kahle notes that beyond trying to kill the CDL, the lawsuit also looks to force the Archive to destroy the digital books it’s scanned for so many libraries, and to preserve that history.

These publishers call for the destruction of the 1.5 million digital books that Internet Archive makes available to our patrons. This form of digital book burning is unprecedented and unfairly disadvantages people with print disabilities. For the blind, ebooks are a lifeline, yet less than one in ten exists in accessible formats. Since 2010, Internet Archive has made our lending library available to the blind and print disabled community, in addition to sighted users. If the publishers are successful with their lawsuit, more than a million of those books would be deleted from the Internet’s digital shelves forever.

I call on the executives at Hachette, HarperCollins, Wiley, and Penguin Random House to come together with us to help solve the pressing challenges to access to knowledge during this pandemic. Please drop this needless lawsuit.

It really is quite incredible that these publishers are looking to effectively do a digital book burning in the midst of a pandemic.

Techdirt.

Research Libraries Tell Publishers To Drop Their Awful Lawsuit Against The Internet Archive

I’ve seen a lot of people — including those who are supporting the publishers’ legal attack on the Internet Archive — insist that they “support libraries,” but that the Internet Archive’s Open Library and National Emergency Library are “not libraries.” First off, they’re wrong. But, more importantly, it’s good to see actual librarians now coming out in support of the Internet Archive as well. The Association of Research Libraries has put out a statement asking publishers to drop this counterproductive lawsuit, especially since the Internet Archive has shut down the National Emergency Library.

The Association of Research Libraries (ARL) urges an end to the lawsuit against the Internet Archive filed early this month by four major publishers in the United States District Court Southern District of New York, especially now that the National Emergency Library (NEL) has closed two weeks earlier than originally planned.

As the ARL points out, the Internet Archive has been an astounding “force for good” for the dissemination of knowledge and culture — and that includes introducing people to more books.

For nearly 25 years, the Internet Archive (IA) has been a force for good by capturing the world’s knowledge and providing barrier-free access for everyone, contributing services to higher education and the public, including the Wayback Machine that archives the World Wide Web, as well as a host of other services preserving software, audio files, special collections, and more. Over the past four weeks, IA’s Open Library has circulated more than 400,000 digital books without any user cost—including out-of-copyright works, university press titles, and recent works of academic interest—using controlled digital lending (CDL). CDL is a practice whereby libraries lend temporary digital copies of print books they own in a one-to-one ratio of “loaned to owned,” and where the print copy is removed from circulation while the digital copy is in use. CDL is a practice rooted in the fair use right of the US Copyright Act and recent judicial interpretations of that right. During the COVID-19 pandemic, many academic and research libraries have relied on CDL (including IA’s Open Library) to ensure academic and research continuity at a time when many physical collections have been inaccessible.

As ARL and our partner library associations acknowledge, many publishers (including some involved in the lawsuit) are contributing to academic continuity by opening more content during this crisis. As universities and libraries work to ensure scholars and students have the information they need, ARL looks forward to working with publishers to ensure open and equitable access to information. Continuing the litigation against IA for the purpose of recovering statutory damages and shuttering the Open Library would interfere with this shared mutual objective.

It would be nice if the publishers recognized this, but as we’ve said over and over again, these publishers would sue any library if libraries didn’t already exist. The fact that the Open Library looks just marginally different from a traditional library means they’re unlikely to let go of this stupid, counterproductive lawsuit.
