
UK firm accused of bullying small businesses with CSP patent infringement letters backtracks


Datawing disavows CSP nonce legal offensive

UK firm Datawing has backtracked after sending letters alleging patent infringement

A UK firm has backtracked after sending letters alleging patent infringement to a set of small businesses that had enabled the CSP nonces web security feature.

Content Security Policy (CSP) generally is a technology geared towards mitigating cross-site scripting (XSS) attacks.

CSP nonces provide an extension to the technology, introduced five years ago with CSP version 2, and supported by the Nginx web server and Cloudflare Workers, among others.

Patent trolling?

UK firm Datawing claims that the technology is covered by US and UK patents it holds.

The UK patent had lapsed but was renewed in May 2021 just weeks before Datawing sent out a legal nastygram to small UK-based companies, a small subset of the organizations that it claims were violating its patent.

Websites turning on security features in the browser are being informed of alleged patent infringement and told they need to license Datawing’s Scriptlock product, software designed to prevent the unauthorised execution of JavaScript.

A copy of the contentious letter can be found here.


The legal offensive was spotted by prominent UK security researcher Scott Helme, who questioned the applicability of the patent to a widely used web security technology. Helme didn’t receive a letter himself but does run a website, Report URI, that uses CSP nonces.

Helme slammed Datawing as acting like a patent troll in a detailed blog post on the subject.

The security researcher told The Daily Swig that Datawing had set about targeting “smaller organizations that are likely to be intimidated by these letters and pay the license fee”.

Meanwhile the Public Interest Patent Law Institute offered help to organizations that had received letters from Datawing, a move that significantly diminished its prospects of extracting a licensing fee from letter recipients.

Datawing takes fright

In the face of this opposition, Datawing decided to abandon its licensing campaign, admitting that its letters had been “ill advised” and apologizing for any upset it had caused.

William Coppock, managing director of Datawing, told The Daily Swig: “In short I was ill advised, and the letters were a complete error in judgement.

“I’m really sorry to have caused upset over this. I’ll be writing to the 25 companies concerned to apologise for the upset caused.”

Datawing bristles at criticism that its letters were threatening.

Coppock concluded: “I didn’t intend for my letters to be interpreted as a threat. The intention was solely to explain the situation in an open and impartial manner and ask for help.”

The Daily Swig also approached the Public Interest Patent Law Institute for comment. We’ll update this story as and when more information comes to hand.
