[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-microsoft.de.html propr...
From: |
GNUN |
Subject: |
www/proprietary malware-microsoft.de.html propr... |
Date: |
Mon, 17 Jul 2017 00:30:34 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 17/07/17 00:30:33
Modified files:
proprietary : malware-microsoft.de.html
proprietary-insecurity.de.html
proprietary/po : malware-microsoft.de-diff.html
proprietary-insecurity.de-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-microsoft.de.html?cvsroot=www&r1=1.19&r2=1.20
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.de.html?cvsroot=www&r1=1.16&r2=1.17
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-microsoft.de-diff.html?cvsroot=www&r1=1.6&r2=1.7
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-insecurity.de-diff.html?cvsroot=www&r1=1.4&r2=1.5
Patches:
Index: malware-microsoft.de.html
===================================================================
RCS file: /web/www/www/proprietary/malware-microsoft.de.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -b -r1.19 -r1.20
--- malware-microsoft.de.html 8 May 2017 03:04:34 -0000 1.19
+++ malware-microsoft.de.html 17 Jul 2017 04:30:32 -0000 1.20
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE" value="/proprietary/malware-microsoft.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/malware-microsoft.de.po">
+ https://www.gnu.org/proprietary/po/malware-microsoft.de.po</a>'
+ --><!--#set var="ORIGINAL_FILE" value="/proprietary/malware-microsoft.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/malware-microsoft.de-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2017-05-18" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/malware-microsoft.en.html" -->
<!--#include virtual="/server/header.de.html" -->
<!-- Parent-Version: 1.79 -->
@@ -9,6 +14,7 @@
<!--#include virtual="/proprietary/po/malware-microsoft.translist" -->
<!--#include virtual="/server/banner.de.html" -->
+<!--#include virtual="/server/outdated.de.html" -->
<h2>Microsofts Software ist Schadsoftware</h2>
<p><a href="/proprietary/">Weitere Beispiele proprietärer
Schadsoftware</a></p>
@@ -636,7 +642,7 @@
<p class="unprintable"><!-- timestamp start -->
Letzte Ãnderung:
-$Date: 2017/05/08 03:04:34 $
+$Date: 2017/07/17 04:30:32 $
<!-- timestamp end -->
</p>
Index: proprietary-insecurity.de.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-insecurity.de.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -b -r1.16 -r1.17
--- proprietary-insecurity.de.html 8 May 2017 03:04:34 -0000 1.16
+++ proprietary-insecurity.de.html 17 Jul 2017 04:30:32 -0000 1.17
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE"
value="/proprietary/proprietary-insecurity.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/proprietary-insecurity.de.po">
+ https://www.gnu.org/proprietary/po/proprietary-insecurity.de.po</a>'
+ --><!--#set var="ORIGINAL_FILE"
value="/proprietary/proprietary-insecurity.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/proprietary-insecurity.de-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2017-05-18" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/proprietary-insecurity.en.html" -->
<!--#include virtual="/server/header.de.html" -->
<!-- Parent-Version: 1.79 -->
@@ -8,6 +13,7 @@
<!--#include virtual="/proprietary/po/proprietary-insecurity.translist" -->
<!--#include virtual="/server/banner.de.html" -->
+<!--#include virtual="/server/outdated.de.html" -->
<h2>Proprietäre Unsicherheit</h2>
<a href="/proprietary/">Weitere Beispiele proprietärer Schadsoftware</a>
@@ -618,7 +624,7 @@
<p class="unprintable"><!-- timestamp start -->
Letzte Ãnderung:
-$Date: 2017/05/08 03:04:34 $
+$Date: 2017/07/17 04:30:32 $
<!-- timestamp end -->
</p>
Index: po/malware-microsoft.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-microsoft.de-diff.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- po/malware-microsoft.de-diff.html 24 Sep 2016 14:28:41 -0000 1.6
+++ po/malware-microsoft.de-diff.html 17 Jul 2017 04:30:33 -0000 1.7
@@ -15,12 +15,6 @@
<title>Microsoft's Software Is Malware
- GNU Project - Free Software Foundation</title>
<!--#include virtual="/proprietary/po/malware-microsoft.translist" -->
-<style type="text/css" media="print,screen">
-<!--
-#content div.toc li { list-style: none; margin-bottom: 1em; }
-#content div.toc { margin-top: 1em; }
--->
-</style>
<!--#include virtual="/server/banner.html" -->
<h2>Microsoft's Software is Malware</h2>
@@ -48,14 +42,12 @@
</p>
</div>
-<div class="toc">
-<div class="malfunctions">
+<div class="summary" style="margin-top: 2em">
+<h3>Type of malware</h3>
<ul>
-<li><strong>Type of malware</strong></li>
<li><a href="#back-doors">Back doors</a></li>
<!--<li><a
href="#censorship">Censorship</a></li>-->
-<span class="removed"><del><strong><!--<li><a
href="#insecurity">Insecurity</a></li>--></strong></del></span>
-<span class="inserted"><ins><em><li><a
href="#insecurity">Insecurity</a></li></em></ins></span>
+<li><a href="#insecurity">Insecurity</a></li>
<li><a href="#sabotage">Sabotage</a></li>
<li><a href="#interference">Interference</a></li>
<li><a href="#surveillance">Surveillance</a></li>
@@ -69,14 +61,13 @@
manufacturer.</li>
</ul>
</div>
-</div>
<h3 id="back-doors">Microsoft Back Doors</h3>
<ul>
<li><p><a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
Microsoft has already backdoored its disk
encryption</a>.</p></li>
- <li><p>Microsoft Windows has a universal back door through which
<a
href="http://www.informationweek.com/news/showArticle.jhtml?articleID=201806263">
+ <li><p>Microsoft Windows has a universal back door through which
<a
href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183">
any change whatsoever can be imposed on the users</a>.</p>
<p>More information on when <a
href="http://slated.org/windows_by_stealth_the_updates_you_dont_want">
@@ -93,11 +84,12 @@
But there is no excuse for <em>deleting</em> the programs, and
you
should have the right to decide who (if anyone) to trust in this
way.</p></li>
- <li><p>Windows 8's back doors are so gaping that <a <span
class="removed"><del><strong>href="http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/"></strong></del></span>
- <span
class="inserted"><ins><em>href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/"></em></ins></span>
- the German government has decided it can't be
trusted</a>.</p></li>
+ <li><p>German government <a
href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/">veers
+ away from Windows 8 computers with TPM 2.0 due to potential back
+ door capabilities of the TPM 2.0 chip</a>.</p>
+ </li>
-<span class="inserted"><ins><em><li><p>Users reported that <a
+<li id="windows7-back-door"><p>Users reported that <a
href="http://www.networkworld.com/article/2993490/windows/windows-10-upgrades-reportedly-appearing-as-mandatory-for-some-users.html#tk.rss_all">
Microsoft was forcing them to replace Windows 7 and 8 with all-spying
Windows 10</a>.</p>
@@ -119,7 +111,21 @@
<h3 id="insecurity">Microsoft Insecurity</h3>
+<p>These bugs are/were not intentional, so unlike the rest of the file
+ they do not count as malware. We mention them to refute the
+ supposition that prestigious proprietary software doesn't have grave
+ bugs.</p>
+
<ul>
+
+<span class="inserted"><ins><em><li>
+ <p>Exploits of bugs in Windows, which were developed by the NSA
+ and then leaked by the Shadowbrokers group, are now being used to
+ <a
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
a great number
+ of Windows computers with ransomware</a>.
+ </p>
+</li></em></ins></span>
+
<li><p>A <a
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
in Internet Explorer and Edge</a>
allows an attacker to retrieve Microsoft account credentials, if
the user is tricked into visiting a malicious link.</p>
@@ -130,7 +136,7 @@
into a botnet for the purpose of collecting customers' credit card
numbers</a>.
</p>
-</li></em></ins></span>
+</li>
</ul>
@@ -143,6 +149,22 @@
actions that harm to the users of specific Microsoft software.</p>
<ul>
+ <li><p> Microsoft
+ <a
href="https://arstechnica.com/information-technology/2017/04/new-processors-are-now-blocked-from-receiving-updates-on-old-windows/">
+ has dropped support for Windows 7 and 8 on recent processors</a>
+ in a big hurry.</p>
+ <p>It makes no difference what legitimate reasons Microsoft might
+ have for not doing work to support them. If it doesn't want to
+ do this work, it should let users do the work.</p>
+ </li>
+
+ <li>
+ <p>Microsoft has made Windows 7 and 8 cease to function on certain
+ new computers,
+ <a
href="https://support.microsoft.com/en-us/help/4012982/discusses-an-issue-in-which-you-receive-a-your-pc-uses-a-processor-tha">effectively
+ forcing their owners to switch to Windows 10</a>.</p>
+ </li>
+
<li><p>Once Microsoft has tricked a user into accepting
installation
of Windows
10, <a
href="http://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/">they
@@ -171,7 +193,7 @@
the old version on your future platforms.
</p></li>
- <span class="inserted"><ins><em><li><p>Microsoft
+ <li><p>Microsoft
is <a
href="http://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146">
forcibly pushing Windows
update to its version 10</a>, ignoring the flag on Windows 7 or 8
@@ -181,22 +203,22 @@
<li><p>Windows 10 “upgrades” <a
href="http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/">
- delete applications</a> without asking
permission.</p></li></em></ins></span>
+ delete applications</a> without asking
permission.</p></li>
<li><p>
Microsoft is <a
href="http://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1">
repeatedly nagging many users to install Windows 10</a>.
</p></li>
-<span class="inserted"><ins><em><li><p>
+<li><p>
Microsoft was for months <a
href="http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update">
tricking users into “upgrading” to Windows 10</a>, if they
failed to notice and say no.
-</p></li></em></ins></span>
+</p></li>
- <li><p><a <span
class="removed"><del><strong>href="http://www.computerworlduk.com/blogs/open-enterprise/how-can-any-company-ever-trust-microsoft-again-3569376/"></strong></del></span>
-<span
class="inserted"><ins><em>href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm"></em></ins></span>
+ <li><p><a
+href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">
Microsoft informs the NSA of bugs in Windows before fixing
them.</a></p></li>
<li><p><a
href="http://www.computerworlduk.com/blogs/open-enterprise/windows-xp-end-of-an-era-end-of-an-error-3569489/">
@@ -220,8 +242,20 @@
interference.</p>
<ul>
+ <li><p>Windows displays
+ <a
href="http://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
+ intrusive ads for Microsoft products and its
+ partners' products</a>.</p>
+ <p>The article's author starts from the premise that Microsoft
+ has a right to control what Windows does to users, as long as it
+ doesn't go “too far”. We disagree.</p></li>
+
+ <li><p>Microsoft inserts <a
+href="https://www.theguardian.com/technology/2017/mar/10/windows-10-users-complain-new-microsoft-subscription-onedrive-adverts">
+ annoying advertisements inside of the File Explorer</a> to nag
+ users to buy subscriptions for the OneDrive service.</p></li>
-<span class="inserted"><ins><em><li>In order to increase Windows 10's
install base, Microsoft
+<li>In order to increase Windows 10's install base, Microsoft
<a
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
blatantly disregards user choice and privacy</a>.
@@ -229,7 +263,7 @@
<li><p>Microsoft has
started <a
href="https://www.theguardian.com/technology/2016/jul/04/microsoft-windows-10-full-screen-upgrade-notification-pop-up-reminder">nagging
-users obnoxiously and repeatedly to install Windows
10</a>.</p></li></em></ins></span>
+users obnoxiously and repeatedly to install Windows
10</a>.</p></li>
<li><p>Microsoft
<a
href="http://news.softpedia.com/news/windows-10-upgrade-reportedly-starting-automatically-on-windows-7-pcs-501651.shtml">is
@@ -249,7 +283,17 @@
<ul>
-<span class="inserted"><ins><em><li>It appears <a
+<li><p>Windows DRM
+files <a
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can
+be used to identify people browsing through Tor</a>. The vulnerability
+exists only if you use Windows.
+</p></li>
+
+<li><p>By default, Windows 10 <a
href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
+debugging information to Microsoft, including core dumps</a>. Microsoft
+now distributes them to another company.</p></li>
+
+<li>It appears <a
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
Windows 10 sends data to Microsoft about what applications are
running</a>.</li>
@@ -261,7 +305,7 @@
href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
to give users the impression it was gone</a>.</p>
-<p>To use proprietary software is to invite such
treatment.</p></li></em></ins></span>
+<p>To use proprietary software is to invite such
treatment.</p></li>
<li><p>
<a
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
@@ -275,11 +319,11 @@
to snoop on the users' files, text input, voice input,
location info, contacts, calendar records and web browsing
history, as well as automatically connecting the machines to open
- hotspots and showing targeted <span
class="removed"><del><strong>ads.</p></li></strong></del></span>
<span class="inserted"><ins><em>ads.</p>
+ hotspots and showing targeted ads.</p>
<p>We can suppose Microsoft look at users' files for the US government
on
demand, though the “privacy policy” does not explicit say so.
Will it
- look at users' files for the Chinese government on
demand?</p></li></em></ins></span>
+ look at users' files for the Chinese government on
demand?</p></li>
<li><p>
<a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
@@ -287,7 +331,7 @@
turns off its Bing search and Cortana features, and activates the
privacy-protection settings.</p></li>
- <span class="inserted"><ins><em><li><p>The unique
“advertising ID” for each user enables other companies to
+ <li><p>The unique “advertising ID” for each user
enables other companies to
track the browsing of each specific user.</p></li>
<li>Spyware in Windows 8: <a
href="https://web.archive.org/web/20160313105805/http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
@@ -308,7 +352,7 @@
Microsoft changed Skype
<a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
specifically for spying</a>.</p>
- </li></em></ins></span>
+ </li>
<li><p>
Microsoft uses Windows 10's “privacy policy” to overtly impose a
@@ -330,24 +374,6 @@
maximally evil on every dimension; to make a grab for total power
over anyone that doesn't drop Windows now.</p></li>
- <span class="removed"><del><strong><li><p><a
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
- Windows 10 requires users to give permission for total snooping</a>,
- including their files, their commands, their text input, and their
- voice input.</p></li>
-
- <li>Spyware in Windows: <a
-href="https://web.archive.org/web/20160313105805/http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
- Windows Update snoops on the user.</a>
- <a
href="http://www.infoworld.com/t/microsoft-windows/look-the-black-underbelly-of-windows-81-blue-222175">
- Windows 8.1 snoops on local searches.</a> And there's a
- <a href="http://www.marketoracle.co.uk/Article40836.html">
- secret NSA key in Windows</a>, whose functions we don't
know.</li>
-
- <li><p>
- <a
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
- Microsoft SkyDrive allows the NSA to directly examine users'
data.</a></p>
- </li></strong></del></span>
-
</ul>
<h3 id="drm">Microsoft DRM</h3>
@@ -361,6 +387,16 @@
<h3 id="jails">Microsoft Jails</h3>
<ul>
+ <li>
+ <p>Windows 10 S ought to be called Windows 10 J, for
“Jail”:
+ <a
href="https://www.theguardian.com/technology/2017/may/03/windows-10-s-microsoft-faster-pc-comparison">only
programs from the Windows Store can be
+ downloaded and executed</a>.</p>
+
+ <p>If the history of iOS as a jail is any indication, Windows 10 J
+ will be no better.</p>
+
+ </li>
+
<li><p><a
href="http://www.itworld.com/operating-systems/301057/microsoft-metro-app-store-lockdown">
Windows 8 on “mobile devices” is a jail</a>: it censors the
user's choice of application programs.</p></li>
@@ -368,17 +404,17 @@
<h3 id="tyrants">Microsoft Tyrants</h3>
<ul>
-<span class="inserted"><ins><em><li>
+<li>
<p>Microsoft accidentally left a way for users to install GNU/Linux
on Windows RT tablets, but now it has <a
href="http://www.securitynewspaper.com/2016/07/15/microsoft-silently-kills-dev-backdoor-boots-linux-locked-windows-rt-slabs/">
-“fixed” the “error”</a>. Those arrogant
-bastards call this “protecting” the users. The article
+ “fixed” the “error”</a>. They have the
+gall to call this “protecting” the users. The article
talks of installing “Linux”, but the context shows it is
really <a href="/gnu/linux-and-gnu.html">GNU/Linux</a> that users
install.
</p>
-</li></em></ins></span>
+</li>
<li><p><a
href="http://fsf.org/campaigns/secure-boot-vs-restricted-boot/">
Mobile devices that come with Windows 8 are tyrants</a>: they block
users from installing other or modified operating
systems.</p></li>
@@ -435,7 +471,7 @@
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2014, 2015, 2016 Free Software Foundation,
Inc.</p>
+<p>Copyright © 2014, 2015, 2016, 2017 Free Software Foundation,
Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
@@ -445,7 +481,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2016/09/24 14:28:41 $
+$Date: 2017/07/17 04:30:33 $
<!-- timestamp end -->
</p>
</div>
Index: po/proprietary-insecurity.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-insecurity.de-diff.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- po/proprietary-insecurity.de-diff.html 14 Sep 2016 06:29:34 -0000
1.4
+++ po/proprietary-insecurity.de-diff.html 17 Jul 2017 04:30:33 -0000
1.5
@@ -20,27 +20,167 @@
<a href="/proprietary/proprietary.html">Other examples of proprietary
malware</a>
-<span class="inserted"><ins><em><p>Nonfree (proprietary) software is
very often malware (designed to
+<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers often exercise that power to the
-detriment of the users they ought to serve.</p></em></ins></span>
+detriment of the users they ought to serve.</p>
<p>This page lists clearly established cases of insecurity in
proprietary software that has grave consequences or is otherwise
noteworthy.</p>
-<p>It would be incorrect to compare proprietary software with a
-fictitious idea of free software as perfect. Every nontrivial program
-has bugs, and any system, free or proprietary, may have security
-holes. That in itself is not culpable. But proprietary software
-developers frequently disregard gaping holes, or even introduce them
-deliberately, and <em>the users are helpless to fix
them</em>.</p>
+<p>It is incorrect to compare free software with a fictitious idea of
+proprietary software as perfect, but the press often implicitly does
+that whenever a security hole in a free program is discovered. The
+examples below show that proprietary software isn't perfect, and
+is often quite sloppy.</p>
+
+<p>It would be equally incorrect to compare proprietary software with
+a fictitious idea of free software as perfect. Every nontrivial
+program has bugs, and any system, free or proprietary, may have
+security errors. To err is human, and not culpable. But proprietary
+software developers frequently disregard gaping holes, or even
+introduce them deliberately. In any case, they keep users
+<em>helpless to fix any security problems that arise</em>.
Keeping the
+users helpless is what's culpable about proprietary software.</p>
<ul>
+<span class="inserted"><ins><em><li id="break-security-smarttv">
+ <p><a
+
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
+ Crackers found a way to break security on a “smart”
TV</a> and use its camera
+ to watch the people who are watching TV.</p>
+</li>
+<li>
+ <p>Many models of Internet-connected cameras <a
+ href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor">
+ have backdoors</a>.</p>
+
+ <p>That is a malicious functionality, but in addition it is a gross
+ insecurity since anyone, including malicious crackers, <a
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can
find those accounts and use them to get into
+ users' cameras</a>.</p>
+
+</li>
+
+<li>
+ <p>
+ Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
+ pre-installed on 28 models of HP laptops logged the user's
+ keystroke to a file in the filesystem. Any process with access to
+ the filesystem or the MapViewOfFile API could gain access to the
+ log. Furthermore, <a
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according
+ to modzero</a> the “information-leak via Covert Storage
+ Channel enables malware authors to capture keystrokes without
+ taking the risk of being classified as malicious task by AV
+ heuristics”.
+ </p>
+</li>
+<li>
+<p>The proprietary code that runs pacemakers, insulin pumps, and other
+medical devices is <a
href="http://www.bbc.co.uk/news/technology-40042584">
+full of gross security faults</a>.</p>
+</li>
+
+
+<li>
+ <p>Exploits of bugs in Windows, which were developed by the NSA
+ and then leaked by the Shadowbrokers group, are now being used to
+ <a
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
a great number
+ of Windows computers with ransomware</a>.
+ </p>
+</li></em></ins></span>
+
+<li>
+ <p>Intel's CPU backdoor—the Intel Management Engine—had a
+ <a
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major
security
+ vulnerability for 10 years</a>.</p>
+
+ <span class="inserted"><ins><em><p>The vulnerability allowed a cracker
to access the computer's Intel Active
+ Management Technology
+ (AMT) <a
href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">
+ web interface with an empty password and gave administrative
+ access</a> to access the computer's keyboard, mouse, monitor
+ among other privileges.</p></em></ins></span>
+
+ <p>It does not help that in newer Intel processors, it is
impossible
+ to turn off the Intel Management Engine. Thus, even users who are
+ proactive about their security can do nothing to protect themselves
+ besides using machines that don't come with the backdoor.</p>
+
+</li>
+
+<li>
+ <p>Many Android devices <a
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
+ can be hijacked through their Wi-Fi chips</a> because of a bug in
+ Broadcom's non-free firmware.</p>
+</li>
+
<li>
-<span class="inserted"><ins><em><p>Due to weak security, <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
+<p>When Miele's Internet of Stings hospital disinfectant dishwasher is
+<a
href="https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">connected
to the Internet,
+its security is crap</a>.</p>
+
+<p>For example, a cracker can gain access to the dishwasher's
filesystem,
+infect it with malware, and force the dishwasher to launch attacks on other
+devices in the network. Since these dishwashers are used in hospitals, such
+attacks could potentially put hundreds of lives at risk.</p>
+
+</li>
+<li><p>WhatsApp has a feature that
+ <a
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
+ has been described as a “back door”</a>
+ because it would enable governments to nullify its encryption.</p>
+ <p>The developers say that it wasn't intended as a back door, and that
+ may well be true. But that leaves the crucial question of whether it
+ functions as one. Because the program is nonfree, we cannot check by
+ studying it.</p></li>
+
+<li>
+<p>The “smart” toys My Friend Cayla and i-Que can be
+<a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely
controlled with a mobile phone</a>; physical access
+is not necessary. This would enable crackers to listen in on a child's
+conversations, and even speak into the toys themselves.</p>
+
+<p>This means a burglar could speak into the toys and ask the child to
+unlock the front door while Mommy's not looking.</p>
+</li>
+
+<li>
+<p>The mobile apps for
+communicating <a
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with
+a smart but foolish car have very bad security</a>.</p>
+
+<p>This is in addition to the fact that the car contains a cellular
+modem that tells big brother all the time where it is. If you own
+such a car, it would be wise to disconnect the modem so as to turn off
+the tracking.</p>
+</li>
+
+<li>
+<p>If you buy a used “smart” car, house, TV, refrigerator,
+etc.,
+usually <a
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
+previous owners can still remotely control it</a>.</p>
+</li>
+
+<li>
+<p>Samsung
+phones <a
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have
+a security hole that allows an SMS message to install
+ransomeware</a>.</p>
+</li>
+
+<li>
+<p>4G LTE phone networks are drastically insecure. They can be
+<a
href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">
+taken
+over by third parties and used for man-in-the-middle
attacks</a>.</p>
+</li>
+
+<li>
+<p>Due to weak security, <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
is easy to open the doors of 100 million cars built by
Volkswagen</a>.</p>
</li>
@@ -83,7 +223,7 @@
<p>GNU/Linux does not need antivirus software.</p>
</li>
-<li></em></ins></span>
+<li>
<p>Over 70 brands of network-connected surveillance
cameras <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">have
security bugs that allow anyone to watch through them</a>.</p>
@@ -382,7 +522,7 @@
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2013, 2015, 2016 Free Software Foundation,
Inc.</p>
+<p>Copyright © 2013, 2015, 2016, 2017 Free Software Foundation,
Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
@@ -392,7 +532,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2016/09/14 06:29:34 $
+$Date: 2017/07/17 04:30:33 $
<!-- timestamp end -->
</p>
</div>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary malware-microsoft.de.html propr...,
GNUN <=