A US federal appeals court says the maker of an online spying tool can be sued on accusations of wiretapping. The federal lawsuit was brought by a man whose e-mail and instant messages to a woman were captured by the husband of the woman. That husband used that data as a “battering ram” as part of his 2010 divorce proceedings.
It’s the second time in a week that a federal court has ruled in a wiretapping case—in favor of a person whose online communications were intercepted without consent. The other ruling was against Google. A judge ruled that a person not using Gmail who sent e-mail to another person using Gmail had not consented to Gmail’s automatic scanning of the e-mail for marketing purposes. Hence, Google could be sued (PDF) for alleged wiretapping violations.
For the moment, the two outcomes are a major victory for privacy. But the reasoning in the lawsuit against the makers of the WebWatcher spy program could have ramifications far beyond the privacy context—and it places liability on the producers of spyware tools.
Amy Abeloff & Robert B. Milligan
On October 20, 2015, a Ninth Circuit panel consisting of Chief Judge Sidney Thomas and Judges M. Margaret McKeown and Stephen Reinhardt heard oral argument from the U.S. Department of Justice and counsel for David Nosal on Nosal’s criminal conviction arising under the Computer Fraud and Abuse Act (CFAA). In 2013, Nosal was found to have violated the CFAA by allegedly conspiring to obtain access to company information belonging to his former employer, executive search firm Korn Ferry, through the borrowing of another employee’s login password. He was also convicted of trade secret misappropriation under the Economic Espionage Act.
Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years.
The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allows attackers to execute malicious code on servers running Joomla, was first introduced in version 3.2 released in early November 2013. Joomla is used by an estimated 2.8 million websites.
“Because the vulnerability is found in a core module that doesn’t require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable,” Asaf Orpani, a researcher inside Trustwave’s Spiderlabs, wrote in a blog post. The vulnerability, and two closely related security flaws, have been cataloged as CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858.
The New York State Supreme Court has overturned the second conviction of Sergey Aleynikov, a former programmer accused of stealing high-frequency trading source code after leaving Goldman Sachs in 2009.
The Russian-American programmer, who was featured in the book Flash Boys, was previously convicted in federal court in 2010 on one count of stealing trade secrets and one count of transporting stolen property.
He was released from prison when the United States Court of Appeals for the Second Circuit overturned the conviction in 2012.