5,447 research outputs found
Hide It or Unbundle It: A Comparison of the Antitrust Investigations Against Microsoft in the U.S. and the E.U.
[Excerpt] Microsoft Corporation, the world’s largest software company, has been facing antitrust scrutiny globally. In the U.S., after what’s been called the antitrust trial of the century, a consent decree was reached between Microsoft, the United States government, and several states, that closely resembled the litigated remedy that the remaining states received. Only Massachusetts appealed the litigated remedy, which was approved by the appeals court on June 30, 2004. In the United States, Microsoft was required to hide, but not remove, the Internet Explorer browser on the Windows Operating System. While antitrust litigation was ongoing in the United States against Microsoft, the European Union (“E.U.”) was also investigating Microsoft under E.U. antitrust law. In March, 2004, after a five year investigation, the European Union Commission fined Microsoft 497 million euros, required Microsoft to offer the Windows operating system without Windows Media Player, and required Microsoft to disclose interfaces to competitors. On December 22, 2004, the E.U.’s Court of First Instance denied Microsoft’s request for a stay of this order, and ordered Microsoft to comply; the full appeal is pending at the time of this publication. This article will examine, compare, and contrast the protracted antitrust litigation that Microsoft has faced in the U.S. and the E.U. This article will then examine what further antitrust problems Microsoft may be facing
AdSplit: Separating smartphone advertising from applications
A wide variety of smartphone applications today rely on third-party
advertising services, which provide libraries that are linked into the hosting
application. This situation is undesirable for both the application author and
the advertiser. Advertising libraries require additional permissions, resulting
in additional permission requests to users. Likewise, a malicious application
could simulate the behavior of the advertising library, forging the user's
interaction and effectively stealing money from the advertiser. This paper
describes AdSplit, where we extended Android to allow an application and its
advertising to run as separate processes, under separate user-ids, eliminating
the need for applications to request permissions on behalf of their advertising
libraries.
We also leverage mechanisms from Quire to allow the remote server to validate
the authenticity of client-side behavior. In this paper, we quantify the degree
of permission bloat caused by advertising, with a study of thousands of
downloaded apps. AdSplit automatically recompiles apps to extract their ad
services, and we measure minimal runtime overhead. We also observe that most ad
libraries just embed an HTML widget within and describe how AdSplit can be
designed with this in mind to avoid any need for ads to have native code
The Internet of Hackable Things
The Internet of Things makes possible to connect each everyday object to the
Internet, making computing pervasive like never before. From a security and
privacy perspective, this tsunami of connectivity represents a disaster, which
makes each object remotely hackable. We claim that, in order to tackle this
issue, we need to address a new challenge in security: education
Hardening the Browser: Protecting Patron Privacy on the Internet
As more and more time is spent accessing and producing content online, libraries need to
position themselves to offer Internet privacy to patrons as well. This column details how to
secure the web browser, from choosing state-of-the-art software to strong default settings to
using add-ons to extend the capabilities of the browser
Using Control Frameworks to Map Risks in Web 2.0 Applications
Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and Trust Service Principles and Criteria and associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program should include a multi-layer approach comprising of a control framework, combined with a control model considering the control processes in order to identify the appropriate control techniques.Web 2.0, Security risks, Control framework, Control Objectives for Information and related Technology (CobiT), Trust Service Principles and Criteria
- …