An anonymous reader cites a report on TorrentFreak: DVDFab has failed to cease its operations in the U.S. and should be sanctioned, AACS says. The decryption licensing outfit founded by Warner Bros, Disney, Microsoft, Intel and others, informs a New York federal court that DVDFab's parent company has blatantly ignored a permanent injunction that was issued last year. In 2014 decryption licensing outfit AACS LA initiated a renewed crackdown on DRM-circumvention software. The company, founded by a group of movie studios and technology partners, sued the makers of popular DVD and Blu-Ray ripping software DVDFab in a New York federal court. After a brief legal battle the court ruled in favor of AACS, issuing an injunction based on the argument that the "DVDFab Group" violates the DMCA's anti-circumvention clause, since their software can bypass DVD and Bluray encryption. Among other things, the injunction barred DVDFab from distributing its software in public and allowed AACS to seize a wide range of domain names. The crippling injunction seemed to work, but not for long. In a new court filing, AACS notes that the software vendor briefly blocked U.S. purchases but went back to business as usual soon after (PDF).

Reader Robotech_Master writes: After a recent Kobo software upgrade, a number of Kobo customers have reported losing e-books from their libraries -- notably, e-books that had been transferred to Kobo from their Sony Reader libraries when Sony left the consumer e-book business. One customer reported missing 460 e-books, and the only way to get them back in her library would be to search and re-add them one at a time! Customers who downloaded their e-books and illegally broke the DRM don't have this problem, of course.From the report: A Kobo representative actually chimed in on the thread, telling MobileRead users that they were following the thread and trying to fix the glitches that had been caused by the recent software changes and restore customers' e-books. It's good that they're paying attention, and that's definitely better than my first go-round with Barnes and Noble support over my own missing e-book. Hopefully they'll get it sorted out soon. That being said, this drives home yet again the point that publisher-imposed DRM has made and is making continued maintenance of e-book libraries from commercial providers a big old mess. About the only way you can be sure you can retain the e-books you pay for is to outright break the law and crack the DRM in order to be able to back them up against your company going out of business and losing the purchases you paid for.

An anonymous reader writes: Humble Bundle announced a special "pay what you want" sale for four ebooks from No Starch Press, with proceeds going to the Electronic Frontier Foundation (or to the charity of your choice). This "hacker edition" sale includes two relatively new titles from 2015 -- "Automate the Boring Stuff with Python" and Violet Blue's "Smart Girl's Guide to Privacy," as well as "Hacking the Xbox: An Introduction to Reverse Engineering" by Andrew "bunnie" Huang, and "The Linux Command Line".

Hackers who are willing to pay "more than the average" -- currently $14.87 -- can also unlock a set of five more books, which includes "The Maker's Guide to the Zombie Apocalypse: Defend Your Base with Simple Circuits, Arduino, and Raspberry Pi". (This level also includes "Bitcoin for the Befuddled" and "Designing BSD Rootkits: An Introduction to Kernel Hacking".) And at the $15 level -- just 13 cents more -- four additional books are unlocked. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" is available at this level, as well as "Hacking: The Art of Exploitation" and "Black Hat Python."
Nice to see they've already sold 28,506 bundles, which are DRM-free and available in PDF, EPUB, and MOBI format. (I still remember Slashdot's 2012 interview with Make magazine's Andrew "bunnie" Huang, who Samzenpus described as "one of the most famous hardware and software hackers in the world.")

Reader Mickeycaskill writes: The USB 3.0 Promoter Group, of which HP, Intel and Microsoft are members, has developed authentication protocols for USB-C and will offer free software to detect faulty or malicious cables.This tool will alert users if they are using a non-authenticated cable. It has been suggested that hardware manufacturers could ship devices with an authentication system already installed. It is hoped that the specification will help end a number of recent incidents where sub-standard cables have either ripped off buyers or damaged devices. Most recently, Amazon said it would be adding USB-C cables and adapters that do not comply with standard regulations to its list of prohibited electronics items.

An anonymous reader shares an article on Ars Technica: A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Sophisticated Mumblehard spamming malware flew under the radar for five years. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines' operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service. "There was a script automatically monitoring the CBL for the IP addresses of all the spam-bots," researchers from security firm Eset wrote in a blog post published Thursday. "If one was found to be blacklisted, this script requested the delisting of the IP address. Such requests are protected with a CAPTCHA to avoid automation, but OCR (or an external service if OCR didn't work) was used to break the protection."

An anonymous reader writes: After being desired by NVIDIA Linux users for years, the proprietary GeForce graphics driver natively supports Wayland and Mir as an alternative to an X.Org Server. It's been a long time coming for the proprietary GPU driver stacks to support Wayland/Mir, but with today's 364.12 beta driver there is now the necessary DRM KMS kernel support and EGL extensions for being able to handle these next-generation display solutions. The new NVIDIA Linux driver also provides integrated Vulkan support, PRIME rendering support, and other additions.

An anonymous reader writes: Researchers at Palo Alto Networks are reporting about a new iOS malware that could infect non-jailbroken devices without a user's consent. Dubbed "AceDeceiver," the iOS malware exploits a flaw in Apple's DRM software. The researchers claim that the iOS malware could technically infect any type of iOS device, provided a user downloads a third-party app. From the blog post on Palo Alto Networks' website, "AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called "FairPlay Man-In-The-Middle (MITM)" and has been used since 2013 to spread pirated iOS apps, but this is the first time we've seen it used to spread malware." The aforementioned malware required users to download a compromised Windows application. Apple has removed three offending apps from the App Store, and it appears that only users in China were targetted.

DVDFab, a software tool for ripping and decrypting DVDs and Blu-ray discs, will not be upgraded to support newer Ultra HD (4K) Blu-ray discs. Fengtao Software, which makes DVDFab, said in a statement that it "will not decrypt or circumvent AACS 2.0 in the days to come. This is in accordance with AACS-LA, (which has not made public the specifications for AACS 2.0), the Blu-ray Disc Association and the movie studios." AACS-LA is the body that develops and licenses the Blu-ray DRM system. AACS 2.0 has a 'basic' version that sounds quite similar to existing AACS, but also an 'enhanced' version of DRM that requires the playback device to download the decryption key from the internet. There might still be a hole in the AACS 2.0 crypto scheme that allows for UHD discs to be ripped, but presumably it'll be a lot tougher that its predecessors.

David Rothman writes: Back in 2003, Slashdot ran TeleRead's call for a brick-and-mortar international e-book museum at the Library of Congress. The proposed museum would focus on the devices and other technology rather than the content. It still isn't too late for such a project, and TeleRead is again advocating the idea. Content, too, actually would benefit -- considering that proprietary formats and DRM can imperil the future readability of e-books. Meanwhile, a small-scale e-book museum is about to open in Paris and is looking for donations. A worthy cause!

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

An anonymous reader writes: With this month's Raspbian OS update, the Debian-based operating system for the Raspberry Pi ships experimental OpenGL driver support. This driver has been developed over the past two years by a former Intel developer with having a completely open and mainline DRM kernel driver and Mesa Gallium driver to open up the Pi as a replacement to the proprietary GPU driver.

AmiMoJo writes: Japanese broadcasters have indicated that 4k and 8k broadcasts may have recording disabled via a 'do not copy' flag [via Google Translate], which receivers would be expected to obey. Now the Internet Users Association (MIAU) and Shufuren (Housewives Federation) have submitted documentation opposing the ban. The document points out that the ban will only inconvenience the majority of the general audience, while inevitably failing to prevent unauthorized copying by anyone determined to circumvent the protection.

janoc writes: It seems that the infamous FTDI driver that got famous by intentionally bricking counterfeit chips [NOTE: that driver was later removed] has got a new update that injects garbage data ('NON GENUINE DEVICE FOUND!') into the serial data. This was apparently going on for a while, but only now is the driver being pushed as an automatic update through Windows Update, thus many more people stand to be affected by this.

Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.

An anonymous reader writes with news about an editor revolt at Wikimedia to remove Arnnon Geshuri from the foundation's board. Ars reports: "Nearly 200 Wikipedia editors have taken the unprecedented step of calling for a member of the Wikimedia Foundation board of directors to be tossed out. The Wikimedia Foundation, which governs both the massive Wikipedia online encyclopedia and related projects, appointed Arnnon Geshuri to its board earlier this month. His appointment wasn't well received by the Wikipedia community of volunteer editors, however. And last week, an editor called for a 'vote of no confidence on Arnnon Geshuri.' The voting, which has no legally binding effect on the Wikimedia Foundation, is now underway. As of press time, 187 editors had voted in favor of this proposition: 'In the best interests of the Wikimedia Foundation, Arnnon Geshuri must be removed from his appointment as a trustee of the Wikimedia Foundation Board.' Just 13 editors have voted against, including Wikimedia board member Guy Kawasaki.

itwbennett writes: Google has developed a patch for Android in response to a flaw in the Linux kernel and has shared it with device manufacturers. That doesn't mean the patch will hit users' phones right away, though. It might take weeks. But that's ok, says Google, because most Android devices are unlikely to run vulnerable kernel versions, and those that do are protected by SELinux.

An anonymous reader writes: AMD has confirmed that their Vulkan Linux driver will only work with the new AMDGPU kernel driver, meaning that for right now on the desktop, Vulkan will just work on the Radeon R9 285, R9 380, R9 380X and R9 Fury series — not even the other Rx 200/300 series graphics cards. This limitation exists because the AMDGPU driver only works with GCN 1.2 and newer. In time, AMD may allow the driver to work on older GCN GPUs going back to the HD 7000 series. But wait: AMDGPU is open-source. AMD is welcoming community support to help bring AMDGPU (and thereby Vulkan) to these older GPUs. The work involved would be porting GCN 1.0/1.1 support from the existing open-source Radeon DRM driver over to the new AMDGPU DRM driver. The Vulkan code itself is said to already be compatible with all GCN GPUs going back to the HD 7xxx series.

schnell writes: Engadget reports that a few recent top-tier video game releases using updated DRM technology have gone uncracked for more than a month and left DRM hackers stymied thus far. The games FIFA 16 and Just Cause 3, using an updated DRM system called Denuvo, have thus far frustrated experienced Chinese crackers' best efforts far longer than the usual 1-2 weeks it takes for most games to be cracked. Although the article is light on technical details about what makes the new DRM system harder to defeat, it does note that "Based on the current pace of encryption tech, 'in two years time I'm afraid there will be no free games to play in the world,' said one forlorn pirate."

HughPickens.com writes: Researchers Halfaker, Geiger, Morgan, and Riedl have a new paper on the topic of open collaboration systems about how Wikipedia's reaction to its popularity is causing its decline. From the Abstract: "Open collaboration systems like Wikipedia need to maintain a pool of volunteer contributors in order to remain relevant. Wikipedia was created through a tremendous number of contributions by millions of contributors. However, recent research has shown that the number of active contributors in Wikipedia has been declining steadily for years, and suggests that a sharp decline in the retention of newcomers is the cause. This paper presents data that show that several changes the Wikipedia community made to manage quality and consistency in the face of a massive growth in participation have ironically crippled the very growth they were designed to manage. Specifically, the restrictiveness of the encyclopedia's primary quality control mechanism and the algorithmic tools used to reject contributions are implicated as key causes of decreased newcomer retention. Further, the community's formal mechanisms for norm articulation are shown to have calcified against changes – especially changes proposed by newer editors."

Press2ToContinue writes: Apple's Lightning cable cartel be damned: Switzerland is moving forward with a plan for a single, universal phone charger across the country, standardizing phone chargers across the board. While the exact standard hasn't been mentioned yet, it wouldn't be hard to guess the standard: Micro USB, used across phone platforms, most especially Android, which has a gigantic chunk of the cell phone market worldwide.

The likely loser? Apple, which has relied on proprietary chargers since introducing the iPhone in 2007. While many companies have tried releasing generic cables, Apple often relies on DRM software to ensure that it's an Apple certified cable, charging $19 a piece for the Lightning charger used by the iPhone 5 and 6 and similar models.

What do you think -- are government-mandated standards for chargers a good idea? Despite the success of the standard household 3-prong electrical plug, doesn't this hamper progress? China seems to have done most of the work on the wall-circuit side of the equation,several years ago. But as to the "standard" 3-prong plug, any particular plug type is only as universal as the sockets and voltages they supply.

Robotech_Master writes: It always puzzles me whenever I run across a post somewhere that uses JavaScript to try to prevent me from copying and pasting text, or even viewing the source. These measures are simple enough to bypass just by disabling JavaScript in my browser. It seems like these measures are very similar to the DRM publishers insist on slapping onto e-books and movie discs—easy to defeat, but they just keep throwing them on anyway because they might inconvenience a few people.