Italian Digital Signature Software Exposed to Man-in-the-middle Attack?

An independent researcher compiled a list of known Apple OSX-related vulnerabilities, including one that affects the Sparkle Updater Framework.

I’ve just checked my Mac with this command

find /Applications -name Sparkle.framework

and found that DikeX, the old version of the digital-signature tool released by Infocert S.p.a., uses Sparkle. I don’t know if the software is plagued by the bug, but this is exactly the point: nobody from Infocert just warned users with a single word about.

National Security, Mediaset and RAI Way Tower

Today the RAI (Radio Televisione Italiana, the public broadcasting company) Radio News Program asked me to provide an opinion about the risks for the national security in case the broadcasting towers belonging to RAI WAY (public-owned company) be purchased by a Mediaset-controlled company. The importance of these broadcasting towers relies upon the fact that they work both for “ordinary” TV programs and for the law-enforcement and other security-related agencies masts.

Here is the link to the interview that starts at 3:00 min. and, for the non-italian speaking people, here is the summary of what I said: privatizing the national security is an ongoing process started years ago with the “online piracy-child pornography excuse”. Regulations have been passed that turned over the ISP and Telcos’s shoulder the task to perform wiretapping, eavesdropping and geolocalization so this RAYWAY issue is just another brick in the wall. By going ahead with this privatization process, nevertheless, there is a ? risk to jeopardize serious crimes investigations since the information about a criminal proceeding will be known by a much too big number of people. So I wander if this “National Security Frenziness” is for real, or it is just a way to spread the usuale FUD (Fear Uncertainty and Doubt.)

The Italian Internet Bill of Rights. The Trojan Horse Keeps Shaping

According to the Italian online newsmagazine Repubblica.it the Italian Bill of Rights endorsed by Boldrini, the leftist President of the Italian Low Chamber (Camera dei Deputati) is almost ready and will affirm principles such “net-neutrality”, “right to privacy”, “right to universal access” and so on.

If this is what is all this Internet Bill of Rights about, then much ado for practically nothing, since all the alleged “Internet Rights” are already broadly covered by existing laws and regulation but what we do lack is a fair enforcement. Copyright is one of the most blatant examples: the current law protects the author, gives him full control over his works and let him free to use whatever licensing model of choice. He has the right to be acknowledged as the creator of a work and to stop any detrimental use. But what happens in the real life is that these provisions are largely ignored because of the overwhelming power of those who make profit from authors’ work: the publishers. Thus, again, “rules” are the last needed thing in the world.

Of course (and hopefully) this Internet Bill of Rights will never be turned into a real, parliament-passed law. Nevertheless shall become a political platform to ease the shift of the legal liability from the single users who commits a crime or is lazy in protecting his rights to the Telco Industry.

This is not acceptable.