www/proprietary proprietary-insecurity.ru.html ...
From: GNUN
Subject: www/proprietary proprietary-insecurity.ru.html ...
Date: Wed, 26 Sep 2018 14:28:12 -0400 (EDT)
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 18/09/26 14:28:12
Modified files:
proprietary : proprietary-insecurity.ru.html
proprietary/po : proprietary-insecurity.ru-en.html
proprietary-insecurity.ru.po
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.ru.html?cvsroot=www&r1=1.56&r2=1.57
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-insecurity.ru-en.html?cvsroot=www&r1=1.57&r2=1.58
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-insecurity.ru.po?cvsroot=www&r1=1.188&r2=1.189
Patches:
Index: proprietary-insecurity.ru.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-insecurity.ru.html,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -b -r1.56 -r1.57
--- proprietary-insecurity.ru.html 18 Sep 2018 17:27:38 -0000 1.56
+++ proprietary-insecurity.ru.html 26 Sep 2018 18:28:11 -0000 1.57
@@ -2,6 +2,11 @@
<!--#include virtual="/server/header.ru.html" -->
<!-- Parent-Version: 1.84 -->
+<!--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Generated from propr-blurbs.rec. Please do not edit this file manually !
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-->
<!-- This file is automatically generated by GNUnited Nations! -->
<title>УÑзвимоÑÑÑ Ð½ÐµÑвободнÑÑ
пÑогÑамм -
ÐÑÐ¾ÐµÐºÑ GNU - Фонд Ñвободного пÑогÑаммного
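Review bot: The new banner comment names propr-blurbs.rec as the source, but the unchanged line right after it still reads "This file is automatically generated by GNUnited Nations!", so the header now names two generators without saying how they relate. For a translated page whose .po file is modified in the same commit, "do not edit this file manually" does not tell a translator which file to edit instead; consider a single comment that states where changes belong (the .rec for the English text, proprietary-insecurity.ru.po for the translation). The space before the "!" can also go.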
@@ -47,71 +52,97 @@
href="mailto:address@hidden"><address@hidden></a>. УпомÑниÑе
один-два заÑлÑживаÑÑиÑ
довеÑÐ¸Ñ URL, ÑÑобÑ
пÑоиллÑÑÑÑиÑоваÑÑ Ð¿Ð¾Ð´ÑобноÑÑи.</p>
-<ul>
-<li>
+<ul class="blurbs">
+ <li id="M201809240">
+ <p>ÐÑÑледоваÑели оÑкÑÑли ÑпоÑоб <a
+href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co">
+ÑкÑÑваÑÑ Ð³Ð¾Ð»Ð¾ÑовÑе ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð² дÑÑгиÑ
звÑкозапиÑÑÑ
</a>, Ñак ÑÑо лÑди ÑÑи
+ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð½Ðµ ÑлÑÑаÑ, но иÑ
ÑлÑÑÐ°Ñ Alexa и Siri.</p>
+ </li>
+
+ <li id="M201808120">
+ <p>ÐзломÑики наÑли ÑпоÑоб пÑобиÑÑ Ð·Ð°ÑиÑÑ
ÑÑÑÑойÑÑва Amazon и <a
+href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
пÑевÑаÑиÑÑ
+его в ÑÑÑÑойÑÑво, подÑлÑÑиваÑÑее</a> Ð´Ð»Ñ Ð½Ð¸Ñ
.</p>
+
+ <p>ÐÑо бÑло Ð´Ð»Ñ Ð½Ð¸Ñ
нелегко. ÐÐ»Ñ Amazon ÑÑо
бÑло Ð±Ñ Ð³Ð¾Ñаздо пÑоÑе. ÐÑли
+какой-Ñо пÑавÑÑий Ñежим, Ñкажем, ÐиÑай или
СШÐ, велел Amazon ÑделаÑÑ ÑÑо под
+ÑгÑозой запÑеÑа пÑодаваÑÑ Ð¿ÑодÑÐºÑ Ð² ÑÑой
ÑÑÑане, как Ð²Ñ Ð´ÑмаеÑе, наÑла бÑ
+ÐºÐ¾Ð¼Ð¿Ð°Ð½Ð¸Ñ Amazon в Ñебе моÑалÑнÑÑ ÑÐ¸Ð»Ñ ÑказаÑÑ
“неє?</p>
+
+ <p>ÐÑи взломÑики, возможно, ÑвлÑÑÑÑÑ
одновÑеменно Ñ
акеÑами, но, пожалÑйÑÑа, <a
+href="https://stallman.org/articles/on-hacking.html"> не
ÑпоÑÑеблÑйÑе Ñлово
+“Ñ
акеÑÑÑво” в знаÑении “взлом
заÑиÑÑ”</a>.</p>
+ </li>
+
+ <li id="M201807100">
+ <p>Siri, Alexa и вÑе дÑÑгие ÑиÑÑÐµÐ¼Ñ Ð³Ð¾Ð»Ð¾Ñового
ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð³ÑÑ Ð±ÑÑÑ <a
+href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">взÑÑÑ
+под конÑÑÐ¾Ð»Ñ Ð¿ÑогÑаммами, коÑоÑÑе
воÑпÑоизводÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð² неÑлÑÑимом лÑдÑми
+ÑлÑÑÑазвÑковом диапазоне</a>.</p>
+ </li>
+
+ <li id="M201807020">
<p>ÐекоÑоÑÑе ÑелеÑÐ¾Ð½Ñ Samsung ÑлÑÑайнÑм
обÑазом <a
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">оÑÑÑлаÑÑ
ÑоÑогÑаÑии лÑдÑм, запиÑаннÑм в адÑеÑной
книжке владелÑÑа</a>.</p>
-</li>
-<li>
+ </li>
+
+ <li id="M201712240">
<p>Ðдна из опаÑноÑÑей “ÐнÑеÑнеÑа
клеÑей” заклÑÑаеÑÑÑ Ð² Ñом, ÑÑо
еÑли Ñ Ð²Ð°Ñ Ð¿ÑекÑаÑаеÑÑÑ Ð¾Ð±ÑлÑживание
ÐнÑеÑнеÑом, Ð²Ñ Ñакже <a
href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/">
ÑÑÑаÑиваеÑе конÑÑÐ¾Ð»Ñ Ð½Ð°Ð´ Ñвоим домом и
бÑÑовой ÑеÑ
никой</a>.</p>
+
<p>Ð ÑелÑÑ
Ñвоей безопаÑноÑÑи не
полÑзÑйÑеÑÑ Ð½Ð¸ÐºÐ°ÐºÐ¾Ð¹ бÑÑовой ÑеÑ
никой,
подклÑÑаÑÑейÑÑ Ðº наÑÑоÑÑÐµÐ¼Ñ ÐнÑеÑнеÑÑ.</p>
-</li>
-<li>
- <p>ÐÐ¾Ð¼Ð¿Ð°Ð½Ð¸Ñ Amazon недавно пÑиглаÑила
поÑÑебиÑелей бÑÑÑ Ð¿ÑоÑÑоÑилÑми и <a
-href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
-позволиÑÑ ÑоÑÑÑдникам ÑлÑжб доÑÑавки
оÑкÑÑваÑÑ Ð¸Ñ
вÑ
однÑе двеÑи</a>. ÐÐ¾Ñ Ð²Ð°Ð¼
-ÑеÑÑÐµÐ·Ð½Ð°Ñ Ð¿ÑоÑеÑ
а в заÑиÑе ÑиÑÑемÑ.</p>
-</li>
-<li>
+ </li>
+
+ <li id="M201711204">
<p>РпÑеднамеÑенном ÑеÑном Ñ
оде в
“маÑине ÑпÑавлениє Intel еÑÑÑ
Ñакже <a
href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/">
непÑеднамеÑеннÑй ÑеÑнÑй Ñ
од</a>.</p>
-</li>
-<li>
+ </li>
+
+ <li id="M201711200">
+ <p>ÐÐ¾Ð¼Ð¿Ð°Ð½Ð¸Ñ Amazon недавно пÑиглаÑила
поÑÑебиÑелей бÑÑÑ Ð¿ÑоÑÑоÑилÑми и <a
+href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
+позволиÑÑ ÑоÑÑÑдникам ÑлÑжб доÑÑавки
оÑкÑÑваÑÑ Ð¸Ñ
вÑ
однÑе двеÑи</a>. ÐÐ¾Ñ Ð²Ð°Ð¼
+ÑеÑÑÐµÐ·Ð½Ð°Ñ Ð¿ÑоÑеÑ
а в заÑиÑе ÑиÑÑемÑ.</p>
+ </li>
+
+ <li id="M201709290">
<p>ÐлоÑ
Ð°Ñ Ð·Ð°ÑиÑа в некоÑоÑÑÑ
авÑомобилÑÑ
позволÑÐµÑ <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937">
задейÑÑвоваÑÑ Ð¿Ð¾Ð´ÑÑки безопаÑноÑÑи по
ÑеÑи</a>.</p>
-</li>
-<li>
+ </li>
+
+ <li id="M201709200">
<p>“ÐнÑеллекÑÑалÑнÑй” ÑпÑÐ¸Ñ Ð´Ð»Ñ
внÑÑÑивеннÑÑ
инÑекÑий в болÑниÑаÑ
подклÑÑен к ÐнÑеÑнеÑÑ. ÐÑÑеÑÑвенно, <a
href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">его
заÑиÑа бÑла взломана</a>.</p>
+
<p>ÐамеÑÑÑе, ÑÑо в ÑÑаÑÑе ÑеÑмин <a
href="/philosophy/words-to-avoid.html#Hacker">“Ñ
акеÑÑ”</a>
невеÑно иÑполÑзÑеÑÑÑ Ð´Ð»Ñ Ð¾Ð±Ð¾Ð·Ð½Ð°ÑениÑ
взломÑиков.</p>
-</li>
-<li>
+ </li>
+
+ <li id="M201708280">
<p>ÐÑвÑаÑиÑелÑÐ½Ð°Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑÑ Ð²Ð¾ многиÑ
ÑÑÑÑойÑÑваÑ
ÐнÑеÑнеÑа клеÑей позволÑеÑ
<a
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">опеÑаÑоÑам
ÑвÑзи подглÑдÑваÑÑ Ð·Ð° лÑдÑми, коÑоÑÑе ими
полÑзÑÑÑÑÑ</a>.</p>
+
<p>Ðе бÑÐ´Ñ Ð¿ÑоÑÑоÑилей — оÑкажиÑÑ Ð¾Ñ
вÑеÑ
клеÑей.</p>
+
<p>ÐÑÐµÐ½Ñ Ð¶Ð°Ð»Ñ, ÑÑо в ÑÑаÑÑе ÑпоÑÑеблÑеÑÑÑ
Ñлово <a
href="/philosophy/words-to-avoid.html#Monetize">
“монеÑизиÑоваÑÑ”</a>.</p>
-</li>
-<li>
- <p>Siri, Alexa и вÑе дÑÑгие ÑиÑÑÐµÐ¼Ñ Ð³Ð¾Ð»Ð¾Ñового
ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð³ÑÑ Ð±ÑÑÑ <a
-href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">взÑÑÑ
-под конÑÑÐ¾Ð»Ñ Ð¿ÑогÑаммами, коÑоÑÑе
воÑпÑоизводÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð² неÑлÑÑимом лÑдÑми
-ÑлÑÑÑазвÑковом диапазоне</a>.</p>
-</li>
+ </li>
-<li id="break-security-smarttv">
- <p><a
-href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
-ÐзломÑики наÑли ÑпоÑоб вÑкÑÑÑÑ Ð·Ð°ÑиÑÑ Ð²
“инÑеллекÑÑалÑном”
-ÑелевизоÑе</a> и воÑполÑзоваÑÑÑÑ ÐµÐ³Ð¾
видеокамеÑой, ÑÑÐ¾Ð±Ñ ÑмоÑÑеÑÑ Ð½Ð° лÑдей,
-коÑоÑÑе ÑмоÑÑÑÑ ÑелевизоÑ.</p>
-</li>
-<li>
+ <li id="M201706201">
<p>Ðо многиÑ
моделÑÑ
<a
href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor">
подклÑÑеннÑÑ
к ÐнÑеÑнеÑÑ ÐºÐ°Ð¼ÐµÑ ÐµÑÑÑ
лазейки</a>.</p>
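Review bot: The item with id="break-security-smarttv" is deleted near the end of this hunk and nothing in the hunk re-adds that id, so existing links to #break-security-smarttv stop resolving unless the entry returns further down with the old id kept, the way the following hunk keeps intel-me-10-year-vulnerability on a <p>. Please confirm the anchor survives the reordering. Separately, the relocated Amazon delivery entry (id="M201711200") still carries a techdirt href ending in "vulnerability-fo", which looks cut short next to the other techdirt links in this hunk that end in ".shtml"; that should be checked in the source record rather than in this generated file.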
@@ -121,40 +152,10 @@
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">можеÑ
найÑи ÑÑи ÑÑеÑнÑе запиÑи и Ñ Ð¸Ñ
помоÑÑÑ
забÑаÑÑÑÑ Ð² видеокамеÑÑ
полÑзоваÑелей</a>.</p>
+ </li>
-</li>
-
-<li>
- <p>
- ÐÐ°ÐºÐµÑ Ð°ÑдиодÑайвеÑов Conexant HD (веÑÑии 1.0.0.46
и более ÑанниÑ
),
-пÑедÑÑÑановленнÑй на 28 моделей
поÑÑаÑивнÑÑ
компÑÑÑеÑов
-Hewlett-Packard, запиÑÑвали в Ñайл нажаÑиÑ
полÑзоваÑÐµÐ»Ñ Ð½Ð° клавиÑи. ÐÑбой
-пÑоÑеÑÑ, Ñ ÐºÐ¾ÑоÑого бÑл доÑÑÑп к MapViewOfFile,
мог ÑиÑаÑÑ ÑÑоÑ
-жÑÑнал. Ðолее Ñого, ÑоглаÑно modzero, “<a
-href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">ÑÑеÑка
-инÑоÑмаÑии ÑеÑез ÑкÑÑÑÑй канал накопиÑелÑ
позволÑÐµÑ Ð°Ð²ÑоÑÑ Ð²ÑедоноÑнÑÑ
-пÑогÑамм пеÑеÑ
ваÑÑваÑÑ Ð½Ð°Ð¶Ð°ÑÐ¸Ñ Ð½Ð° клавиÑи
без ÑиÑка бÑÑÑ ÐºÐ»Ð°ÑÑиÑиÑиÑованнÑм
-алгоÑиÑмами анÑивиÑÑÑов как вÑедоноÑнаÑ
задаÑа</a>”.
- </p>
-</li>
-<li>
-<p>РнеÑвободнÑÑ
пÑогÑаммаÑ
, под
ÑпÑавлением коÑоÑÑÑ
ÑабоÑаÑÑ <a
-href="http://www.bbc.co.uk/news/technology-40042584">каÑдиоÑÑимÑлÑÑоÑÑ,
-ÑпÑиÑÑ Ñ Ð¸Ð½ÑÑлином и дÑÑгие медиÑинÑкие
пÑибоÑÑ</a>, полнÑм-полно гÑÑбÑÑ
-пÑоÑÑеÑов по ÑаÑÑи безопаÑноÑÑи.</p>
-</li>
-
-
-<li>
- <p>ÐÑиÑиÑеÑкие оÑибки в Windows, коÑоÑÑе
накапливалиÑÑ Ð² ÐÐРа заÑем бÑли
-ÑазглаÑÐµÐ½Ñ Ð³ÑÑппой Shadowbrokers, ÑепеÑÑ
пÑименÑÑÑÑÑ, ÑÑÐ¾Ð±Ñ <a
-href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">заÑажаÑÑ
-компÑÑÑеÑÑ Ð¿Ð¾Ð´ Windows Ñ ÑелÑÑ Ð¿Ð¾Ð»ÑÑениÑ
вÑкÑпа.</a>.
- </p>
-</li>
-
-<li id="intel-me-10-year-vulnerability">
- <p>Ð ÑеÑнÑй Ñ
оде в пÑоÑеÑÑоÑа Intel— Intel
Management Engine —
+ <li id="M201706050">
+ <p id="intel-me-10-year-vulnerability">Ð ÑеÑнÑй Ñ
оде в
пÑоÑеÑÑоÑа Intel— Intel Management Engine —
<a
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">10 леÑ
бÑла ÑеÑÑÐµÐ·Ð½Ð°Ñ Ð¿ÑоÑеÑ
а в безопаÑноÑÑи</a>.</p>
@@ -169,397 +170,408 @@
Intel Management Engine невозможно. Таким обÑазом,
даже полÑзоваÑели,
акÑивно ÑабоÑаÑÑие над Ñвоей
безопаÑноÑÑÑÑ, не могÑÑ ÑделаÑÑ Ð½Ð¸Ñего,
ÑÑобÑ
заÑиÑиÑÑ ÑебÑ, кÑоме полÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¼Ð°Ñинами,
в коÑоÑÑÑ
ÑÑого ÑеÑного Ñ
ода неÑ.</p>
+ </li>
-</li>
+ <li id="M201705250">
+ <p>РнеÑвободнÑÑ
пÑогÑаммаÑ
, под
ÑпÑавлением коÑоÑÑÑ
ÑабоÑаÑÑ <a
+href="http://www.bbc.co.uk/news/technology-40042584">каÑдиоÑÑимÑлÑÑоÑÑ,
+ÑпÑиÑÑ Ñ Ð¸Ð½ÑÑлином и дÑÑгие медиÑинÑкие
пÑибоÑÑ</a>, полнÑм-полно гÑÑбÑÑ
+пÑоÑÑеÑов по ÑаÑÑи безопаÑноÑÑи.</p>
+ </li>
-<li>
+ <li id="M201705160">
+ <p>ÐÐ°ÐºÐµÑ Ð°ÑдиодÑайвеÑов Conexant HD (веÑÑии
1.0.0.46 и более ÑанниÑ
),
+пÑедÑÑÑановленнÑй на 28 моделей
поÑÑаÑивнÑÑ
компÑÑÑеÑов
+Hewlett-Packard, запиÑÑвали в Ñайл нажаÑиÑ
полÑзоваÑÐµÐ»Ñ Ð½Ð° клавиÑи. ÐÑбой
+пÑоÑеÑÑ, Ñ ÐºÐ¾ÑоÑого бÑл доÑÑÑп к MapViewOfFile,
мог ÑиÑаÑÑ ÑÑоÑ
+жÑÑнал. Ðолее Ñого, ÑоглаÑно modzero, “<a
+href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">ÑÑеÑка
+инÑоÑмаÑии ÑеÑез ÑкÑÑÑÑй канал накопиÑелÑ
позволÑÐµÑ Ð°Ð²ÑоÑÑ Ð²ÑедоноÑнÑÑ
+пÑогÑамм пеÑеÑ
ваÑÑваÑÑ Ð½Ð°Ð¶Ð°ÑÐ¸Ñ Ð½Ð° клавиÑи
без ÑиÑка бÑÑÑ ÐºÐ»Ð°ÑÑиÑиÑиÑованнÑм
+алгоÑиÑмами анÑивиÑÑÑов как вÑедоноÑнаÑ
задаÑа</a>”.</p>
+ </li>
+
+ <li id="M201705120">
+ <p>ÐÑиÑиÑеÑкие оÑибки в Windows, коÑоÑÑе
накапливалиÑÑ Ð² ÐÐРа заÑем бÑли
+ÑазглаÑÐµÐ½Ñ Ð³ÑÑппой Shadowbrokers, ÑепеÑÑ
пÑименÑÑÑÑÑ, ÑÑÐ¾Ð±Ñ <a
+href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">заÑажаÑÑ
+компÑÑÑеÑÑ Ð¿Ð¾Ð´ Windows Ñ ÑелÑÑ Ð¿Ð¾Ð»ÑÑениÑ
вÑкÑпа.</a>.</p>
+ </li>
+
+ <li id="M201704050">
<p>Ðногие ÑÑÑÑойÑÑва Ñ Android <a
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
можно взÑÑÑ Ð¿Ð¾Ð´ конÑÑÐ¾Ð»Ñ ÑеÑез иÑ
подÑиÑÑÐµÐ¼Ñ Wi-Fi</a> из-за оÑибки в
неÑвободнÑÑ
пÑогÑаммаÑ
Broadcom, под
ÑпÑавлением коÑоÑÑÑ
она ÑабоÑаеÑ.</p>
-</li>
+ </li>
-<li>
-<p>Ðогда <a
+ <li id="M201703270">
+ <p>Ðогда <a
href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">
дезинÑиÑиÑÑÑÑÐ°Ñ Ð¿Ð¾ÑÑдомоеÑÐ½Ð°Ñ Ð¼Ð°Ñина Miele
из ÐнÑеÑнеÑа клеÑей</a> в
болÑниÑе подклÑÑаеÑÑÑ Ðº ÑеÑи, ее заÑиÑа
никÑда не годиÑÑÑ.</p>
-<p>ÐапÑимеÑ, взломÑик Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð»ÑÑиÑÑ Ð´Ð¾ÑÑÑп
к Ñайловой ÑиÑÑеме маÑинÑ, заÑазиÑÑ
+ <p>ÐапÑимеÑ, взломÑик Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð»ÑÑиÑÑ
доÑÑÑп к Ñайловой ÑиÑÑеме маÑинÑ, заÑазиÑÑ
ее вÑедоноÑнÑми пÑогÑаммами и
полÑзоваÑÑÑÑ ÐµÑ ÐºÐ°Ðº плаÑдаÑмом Ð´Ð»Ñ Ð°Ñак на
дÑÑгие ÑÑÑÑойÑÑва в Ñой же ÑеÑи. ÐоÑколÑкÑ
ÑÑи маÑÐ¸Ð½Ñ Ð¿ÑименÑÑÑÑÑ Ð²
болÑниÑаÑ
, ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾ÑÑавиÑÑ Ð¿Ð¾Ð´ ÑгÑозÑ
ÑоÑни жизней.</p>
+ </li>
+
+ <li id="M201702200">
+ <p>ÐÑли Ð²Ñ Ð¿Ð¾ÐºÑпаеÑе “ÑмнÑй”
авÑомобилÑ, дом, ÑелевизоÑ,
+Ñ
олодилÑник и Ñ.д., обÑÑно <a
+href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">пÑедÑдÑÑие
+владелÑÑÑ Ð¼Ð¾Ð³ÑÑ Ð¿Ð¾-пÑÐµÐ¶Ð½ÐµÐ¼Ñ ÑпÑавлÑÑÑ Ð¸Ð¼
на ÑаÑÑÑоÑнии</a>.</p>
+ </li>
+
+ <li id="M201702170">
+ <p>ÐобилÑнÑе пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð´Ð»Ñ ÑвÑзи <a
+href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">ÑмнÑми,
+но дÑÑаÑкими авÑомобилÑми оÑлиÑаÑÑÑÑ
оÑÐµÐ½Ñ Ñлабой безопаÑноÑÑÑÑ</a>.</p>
+
+ <p>ÐÑо дополнÑÐµÑ ÑÐ¾Ñ ÑакÑ, ÑÑо авÑомобилÑ
ÑодеÑÐ¶Ð¸Ñ Ð¼Ð¾Ð´ÐµÐ¼ ÑоÑовой ÑвÑзи, коÑоÑÑй
+вÑе вÑÐµÐ¼Ñ ÑаÑÑказÑваеÑ, где он наÑ
одиÑÑÑ,
СÑаÑÑÐµÐ¼Ñ ÐÑаÑÑ. ÐÑли Ð²Ñ Ð²Ð»Ð°Ð´ÐµÐµÑе
+Ñаким авÑомобилем, бÑло Ð±Ñ Ð¼ÑдÑÑм
оÑÑоединиÑÑ Ð¼Ð¾Ð´ÐµÐ¼, ÑÑÐ¾Ð±Ñ Ð²ÑклÑÑиÑÑ
ÑлежкÑ.</p>
+ </li>
-</li>
-<li><p>Ð WhatsApp еÑÑÑ Ð¾ÑобенноÑÑÑ, коÑоÑÑÑ <a
+ <li id="M201701270">
+ <p>Ð ÑелеÑонаÑ
Samsung еÑÑÑ <a
+href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">пÑокол
+в заÑиÑе, позволÑÑÑий ÑÑÑанавливаÑÑ Ð¿Ð¾ SMS
пÑогÑаммÑ, ÑÑебÑÑÑие вÑкÑпа</a>.</p>
+ </li>
+
+ <li id="M201701130">
+ <p>Ð WhatsApp еÑÑÑ Ð¾ÑобенноÑÑÑ, коÑоÑÑÑ <a
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
опиÑÑвали как “ÑеÑнÑй Ñ
од”</a>, поÑомÑ
ÑÑо она Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ
гоÑÑдаÑÑÑÐ²Ñ Ð°Ð½Ð½ÑлиÑоваÑÑ ÑиÑÑование в
ÑÑом пÑиложении.</p>
+
<p>РазÑабоÑÑики завеÑÑÑÑ, ÑÑо ÑÑо не
задÑмÑвалоÑÑ ÐºÐ°Ðº ÑеÑнÑй Ñ
од, и вполне
возможно, ÑÑо пÑавда. Ðо оÑÑаеÑÑÑ Ð³Ð»Ð°Ð²Ð½Ñй
вопÑоÑ: ÑÑнкÑиониÑÑÐµÑ Ð»Ð¸ ÑÑо как
-ÑеÑнÑй Ñ
од? Раз пÑогÑамма неÑвободна, Ð¼Ñ Ð½Ðµ
можем пÑовеÑиÑÑ ÑÑо, изÑÑив ее.</p></li>
+ÑеÑнÑй Ñ
од? Раз пÑогÑамма неÑвободна, Ð¼Ñ Ð½Ðµ
можем пÑовеÑиÑÑ ÑÑо, изÑÑив ее.</p>
+ </li>
-<li>
-<p>“УмнÑе” игÑÑÑки “Ðой дÑÑг
Ðейла” и i-Que <a
+ <li id="M201612061">
+ <p>“УмнÑе” игÑÑÑки “Ðой дÑÑг
Ðейла” и i-Que <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">можно
конÑÑолиÑоваÑÑ Ð¿Ð¾ ÑоÑÐ¾Ð²Ð¾Ð¼Ñ ÑелеÑонÑ</a>;
ÑизиÑеÑкий доÑÑÑп Ð´Ð»Ñ ÑÑого не
нÑжен. ÐÑо позволÑÐµÑ Ð²Ð·Ð»Ð¾Ð¼Ñикам
пÑоÑлÑÑиваÑÑ ÑеÑÑ Ñебенка и даже говоÑиÑÑ
голоÑом ÑамиÑ
игÑÑÑек.</p>
-<p>ÐÑо знаÑиÑ, ÑÑо Ð²Ð¾Ñ Ð¼Ð¾Ð¶ÐµÑ Ð³Ð¾Ð»Ð¾Ñом игÑÑÑки
попÑоÑиÑÑ Ñебенка оÑкÑÑÑÑ Ð´Ð²ÐµÑÑ,
+ <p>ÐÑо знаÑиÑ, ÑÑо Ð²Ð¾Ñ Ð¼Ð¾Ð¶ÐµÑ Ð³Ð¾Ð»Ð¾Ñом
игÑÑÑки попÑоÑиÑÑ Ñебенка оÑкÑÑÑÑ Ð´Ð²ÐµÑÑ,
пока не Ð²Ð¸Ð´Ð¸Ñ Ð¼Ð°Ð¼Ð°.</p>
-</li>
+ </li>
-<li>
-<p>ÐобилÑнÑе пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð´Ð»Ñ ÑвÑзи <a
-href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">ÑмнÑми,
-но дÑÑаÑкими авÑомобилÑми оÑлиÑаÑÑÑÑ
оÑÐµÐ½Ñ Ñлабой безопаÑноÑÑÑÑ</a>.</p>
-
-<p>ÐÑо дополнÑÐµÑ ÑÐ¾Ñ ÑакÑ, ÑÑо авÑомобилÑ
ÑодеÑÐ¶Ð¸Ñ Ð¼Ð¾Ð´ÐµÐ¼ ÑоÑовой ÑвÑзи, коÑоÑÑй
-вÑе вÑÐµÐ¼Ñ ÑаÑÑказÑваеÑ, где он наÑ
одиÑÑÑ,
СÑаÑÑÐµÐ¼Ñ ÐÑаÑÑ. ÐÑли Ð²Ñ Ð²Ð»Ð°Ð´ÐµÐµÑе
-Ñаким авÑомобилем, бÑло Ð±Ñ Ð¼ÑдÑÑм
оÑÑоединиÑÑ Ð¼Ð¾Ð´ÐµÐ¼, ÑÑÐ¾Ð±Ñ Ð²ÑклÑÑиÑÑ
ÑлежкÑ.</p>
-</li>
-
-<li>
-<p>ÐÑли Ð²Ñ Ð¿Ð¾ÐºÑпаеÑе “ÑмнÑй”
авÑомобилÑ, дом, ÑелевизоÑ,
-Ñ
олодилÑник и Ñ.д., обÑÑно <a
-href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">пÑедÑдÑÑие
-владелÑÑÑ Ð¼Ð¾Ð³ÑÑ Ð¿Ð¾-пÑÐµÐ¶Ð½ÐµÐ¼Ñ ÑпÑавлÑÑÑ Ð¸Ð¼
на ÑаÑÑÑоÑнии</a>.</p>
-</li>
-
-<li>
-<p>Ð ÑелеÑонаÑ
Samsung еÑÑÑ <a
-href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">пÑокол
-в заÑиÑе, позволÑÑÑий ÑÑÑанавливаÑÑ Ð¿Ð¾ SMS
пÑогÑаммÑ, ÑÑебÑÑÑие вÑкÑпа</a>.</p>
-</li>
-
-<li>
-<p>ТелеÑоннÑе ÑеÑи 4G LTE кÑайне Ñлабо
заÑиÑенÑ. СвÑÐ·Ñ Ð¿Ð¾ ним могÑÑ <a
+ <li id="M201610230">
+ <p>ТелеÑоннÑе ÑеÑи 4G LTE кÑайне Ñлабо
заÑиÑенÑ. СвÑÐ·Ñ Ð¿Ð¾ ним могÑÑ <a
href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">
пеÑеÑ
ваÑÑваÑÑ ÑÑеÑÑи ÑÑоÑÐ¾Ð½Ñ Ð´Ð»Ñ Ð°Ñак
“Ñеловек поÑеÑедине”</a>.</p>
-</li>
+ </li>
-<li>
-<p>СлабоÑÑÑ Ð·Ð°ÑиÑÑ <a
+ <li id="M201608110">
+ <p>СлабоÑÑÑ Ð·Ð°ÑиÑÑ <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">позволÑеÑ
легко оÑкÑÑваÑÑ Ð´Ð²ÐµÑи 100 миллионов
авÑомобилей, ÑобÑаннÑÑ
компанией
“ФолÑкÑваген”</a>.</p>
-</li>
+ </li>
-<li>
-<p><a
+ <li id="M201608080">
+ <p><a
href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/">ÐлÑ
ÑеÑмоÑÑаÑа Ñ Ð½ÐµÑвободнÑми пÑогÑаммами</a>
бÑли ÑазÑабоÑÐ°Ð½Ñ Ð²ÑмогаÑелÑÑкие
пÑогÑаммÑ.</p>
-</li>
+ </li>
-<li>
-<p><a
+ <li id="M201608020">
+ <p><a
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">УÑзвимоÑÑÑ
в Internet Explorer и Edge</a>, позволÑеÑ
злоÑмÑÑленникам извлекаÑÑ
иденÑиÑиÑиÑÑÑÑие даннÑе ÑÑеÑнÑÑ
запиÑей
Microsoft, еÑли полÑзоваÑÐµÐ»Ñ Ð¾Ð±Ð¼Ð°Ð½Ð¾Ð¼
заÑÑавили пеÑейÑи по вÑедоноÑной ÑÑÑлке.</p>
-</li>
+ </li>
-<li>
-<p><a
+ <li id="M201607290">
+ <p><a
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“УдаленнÑе”
ÑообÑÐµÐ½Ð¸Ñ WhatsApp ÑдалÑÑÑÑÑ Ð½Ðµ полноÑÑÑÑ</a>.
ÐÑ
можно воÑÑÑановиÑÑ
-ÑазлиÑнÑми ÑпоÑобами.
-</p>
-</li>
+ÑазлиÑнÑми ÑпоÑобами.</p>
+ </li>
-<li>
-<p>УÑзвимоÑÑÑ Ð² инÑеÑÑейÑе Apple Image I/O
позволила взломÑÐ¸ÐºÑ <a
+ <li id="M201607220">
+ <p>УÑзвимоÑÑÑ Ð² инÑеÑÑейÑе Apple Image I/O
позволила взломÑÐ¸ÐºÑ <a
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">вÑполнÑÑÑ
вÑедоноÑнÑе пÑогÑÐ°Ð¼Ð¼Ñ Ð¸Ð· лÑбого
пÑиложениÑ, коÑоÑое полÑзÑеÑÑÑ ÑÑим
инÑеÑÑейÑом Ð´Ð»Ñ Ð¾ÑобÑажениÑ
опÑеделенного Ñода гÑаÑиÑеÑкиÑ
Ñайлов</a>.</p>
-</li>
-<li>
-<p>ÐÑибка в неÑвободной библиоÑеке ASN.1,
пÑименÑемой на ÑоÑовÑÑ
вÑÑкаÑ
, а
+ </li>
+
+ <li id="M201607190">
+ <p>ÐÑибка в неÑвободной библиоÑеке ASN.1,
пÑименÑемой на ÑоÑовÑÑ
вÑÑкаÑ
, а
Ñакже в ÑелеÑонаÑ
и маÑÑÑÑÑизаÑоÑаÑ
, <a
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">позволÑеÑ
полÑÑиÑÑ ÐºÐ¾Ð½ÑÑÐ¾Ð»Ñ Ð½Ð°Ð´ ÑÑими ÑиÑÑемами</a>.</p>
-</li>
+ </li>
-<li>
-<p>РпÑогÑаммаÑ
-анÑивиÑÑÑаÑ
ÑÑолÑко оÑибок,
ÑÑо <a
+ <li id="M201606290">
+ <p>РпÑогÑаммаÑ
-анÑивиÑÑÑаÑ
ÑÑолÑко
оÑибок, ÑÑо <a
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">анÑивиÑÑÑÑ
ÑÑ
ÑдÑаÑÑ Ð·Ð°ÑиÑÑ</a>.</p>
-<p>GNU/Linux в анÑивиÑÑÑаÑ
не нÑждаеÑÑÑ.</p>
-</li>
-<li>
-<p>РкамеÑаÑ
наблÑÐ´ÐµÐ½Ð¸Ñ Ð±Ð¾Ð»ÐµÐµ 70 маÑок <a
-href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">обнаÑÑженÑ
-недоÑеÑÑ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи, позволÑÑÑие комÑ
Ñгодно подглÑдÑваÑÑ ÑеÑез ниÑ
</a>.</p>
-</li>
+ <p>GNU/Linux в анÑивиÑÑÑаÑ
не нÑждаеÑÑÑ.</p>
+ </li>
-<li>
-<p>
-Ð “инÑеллекÑÑалÑном доме” компании
Samsung еÑÑÑ Ð±Ð¾Ð»ÑÑÐ°Ñ Ð¿ÑоÑеÑ
а
+ <li id="M201605020">
+ <p>Ð “инÑеллекÑÑалÑном доме”
компании Samsung еÑÑÑ Ð±Ð¾Ð»ÑÑÐ°Ñ Ð¿ÑоÑеÑ
а
безопаÑноÑÑи; <a
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">лÑди
могÑÑ Ð¿Ð¾Ð»ÑÑаÑÑ Ð½ÐµÑанкÑиониÑованнÑй
ÑдаленнÑй конÑÑÐ¾Ð»Ñ Ð½Ð°Ð´ ним</a>.</p>
-<p>Samsung заÑвлÑеÑ, ÑÑо ÑÑо “оÑкÑÑÑає
плаÑÑоÑма, Ñак ÑÑо за
+ <p>Samsung заÑвлÑеÑ, ÑÑо ÑÑо “оÑкÑÑÑає
плаÑÑоÑма, Ñак ÑÑо за
пÑÐ¾Ð±Ð»ÐµÐ¼Ñ ÑаÑÑиÑно оÑвеÑÑÑвеннÑ
ÑазÑабоÑÑики пÑиложений. ÐÑо, ÑазÑмееÑÑÑ,
веÑно, еÑли ÑÑи пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð½ÐµÑвободнÑ.</p>
-<p>ÐÑе, ÑÑо назÑваеÑÑÑ
“инÑеллекÑÑалÑнÑм”, ÑкоÑее вÑего,
бÑдеÑ
+ <p>ÐÑе, ÑÑо назÑваеÑÑÑ
“инÑеллекÑÑалÑнÑм”, ÑкоÑее вÑего,
бÑдеÑ
водиÑÑ Ð²Ð°Ñ Ð·Ð° ноÑ.</p>
-</li>
-
-<li>
-<p>
-Ð Nissan Leaf еÑÑÑ Ð²ÑÑÑоеннÑй ÑелеÑоннÑй модем,
позволÑÑÑий ÑакÑиÑеÑки комÑ
-Ñгодно <a
-href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">полÑÑаÑÑ
-ÑдаленнÑй доÑÑÑп к компÑÑÑеÑам и вноÑиÑÑ
Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² ÑазлиÑнÑе
-наÑÑÑойки</a>.</p>
-
-<p>ÐÑо неÑÑÑдно поÑомÑ, ÑÑо в ÑиÑÑеме неÑ
пÑовеÑки подлинноÑÑи полÑзоваÑÐµÐ»Ñ Ð¿Ñи
-доÑÑÑпе по модемÑ. Ðднако даже еÑли бÑ
модем пÑоводил пÑовеÑкÑ, нелÑÐ·Ñ Ð±Ñло
-Ð±Ñ Ð±ÑÑÑ ÑвеÑеннÑми, ÑÑо Ñ Nissan Ð½ÐµÑ Ð´Ð¾ÑÑÑпа.
ÐÑогÑÐ°Ð¼Ð¼Ñ Ð² авÑомобиле
-неÑвободнÑ, <a
href="/philosophy/free-software-even-more-important.html">ÑÑо
-знаÑиÑ, они ÑÑебÑÑÑ Ð¾Ñ Ð¿Ð¾Ð»ÑзоваÑелей
Ñлепой веÑÑ</a>.</p>
+ </li>
-<p>Ðаже еÑли никÑо не подклÑÑаеÑÑÑ Ðº
авÑÐ¾Ð¼Ð¾Ð±Ð¸Ð»Ñ Ð½Ð° ÑаÑÑÑоÑнии, модем ÑоÑовой
-ÑвÑзи позволÑÐµÑ ÑелеÑонной компании
поÑÑоÑнно оÑÑлеживаÑÑ Ð¿ÐµÑемеÑениÑ
-авÑомобилÑ; Ñ
оÑÑ Ð¼Ð¾Ð¶Ð½Ð¾ ÑизиÑеÑки ÑдалиÑÑ
модем ÑоÑовой ÑвÑзи.</p>
-</li>
+ <li id="M201604120">
+ <p>ÐÑибка в Messages, пÑиложении длÑ
ай-ÑÑÑÑек, <a
+href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">
+позволила вÑедоноÑÐ½Ð¾Ð¼Ñ ÑайÑÑ Ð¸Ð·Ð²Ð»ÐµÑÑ Ð²ÑÑ
иÑÑоÑÐ¸Ñ ÑообÑений полÑзоваÑелÑ</a>.</p>
+ </li>
-<li>
-<p>
-<a
+ <li id="M201604110">
+ <p><a
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">Ð
видеокамеÑаÑ
ÑиÑÑем безопаÑноÑÑи,
пÑодаваемÑÑ
ÑеÑез Amazon</a>, найденÑ
-вÑедоноÑнÑе пÑогÑаммÑ.
-</p>
+вÑедоноÑнÑе пÑогÑаммÑ.</p>
-<p>ÐамеÑа, коÑоÑÐ°Ñ Ð·Ð°Ð¿Ð¸ÑÑÐ²Ð°ÐµÑ Ð½Ð° Ñвой
ÑизиÑеÑкий ноÑиÑÐµÐ»Ñ Ð¸ Ñ ÐºÐ¾ÑоÑой неÑ
+ <p>ÐамеÑа, коÑоÑÐ°Ñ Ð·Ð°Ð¿Ð¸ÑÑÐ²Ð°ÐµÑ Ð½Ð° Ñвой
ÑизиÑеÑкий ноÑиÑÐµÐ»Ñ Ð¸ Ñ ÐºÐ¾ÑоÑой неÑ
ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ñ ÑеÑÑÑ, не ÑгÑÐ¾Ð¶Ð°ÐµÑ Ð»ÑдÑм
Ñлежкой — ÑеÑез нее за
лÑдÑми не бÑдÑÑ Ð¿Ð¾Ð³Ð»ÑдÑваÑÑ, и вÑедоноÑнÑе
пÑогÑÐ°Ð¼Ð¼Ñ Ð² камеÑе в ÑÑом
-оÑноÑении Ñоже не пÑедÑÑавлÑÑÑ ÑгÑозÑ.
-</p>
-</li>
+оÑноÑении Ñоже не пÑедÑÑавлÑÑÑ ÑгÑозÑ.</p>
+ </li>
-<li>
-<p>ÐÑибка в Messages, пÑиложении Ð´Ð»Ñ Ð°Ð¹-ÑÑÑÑек, <a
-href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">
-позволила вÑедоноÑÐ½Ð¾Ð¼Ñ ÑайÑÑ Ð¸Ð·Ð²Ð»ÐµÑÑ Ð²ÑÑ
иÑÑоÑÐ¸Ñ ÑообÑений полÑзоваÑелÑ</a>.
-</p>
-</li>
+ <li id="M201603220">
+ <p>РкамеÑаÑ
наблÑÐ´ÐµÐ½Ð¸Ñ Ð±Ð¾Ð»ÐµÐµ 70 маÑок
обнаÑÑÐ¶ÐµÐ½Ñ <a
+href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">недоÑеÑÑ
+безопаÑноÑÑи, позволÑÑÑие ÐºÐ¾Ð¼Ñ Ñгодно
подглÑдÑваÑÑ ÑеÑез ниÑ
</a>.</p>
+ </li>
-<li>
-<p>Ðногие неÑвободнÑе пÑогÑÐ°Ð¼Ð¼Ñ Ð¿Ð»Ð°Ñежей <a
+ <li id="M201603100">
+ <p>Ðногие неÑвободнÑе пÑогÑÐ°Ð¼Ð¼Ñ Ð¿Ð»Ð°Ñежей
<a
href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">
пеÑедаÑÑ Ð´Ð°Ð½Ð½Ñе незаÑиÑеннÑм обÑазом</a>.
Ðднако еÑе Ñ
Ñже Ñо, ÑÑо в ÑÑиÑ
пÑиложениÑÑ
<a
href="/philosophy/surveillance-vs-democracy.html">плаÑежи не
-анонимнÑ</a>.
-</p>
-</li>
+анонимнÑ</a>.</p>
+ </li>
-<li>
-<p>
-Ð ÑизкÑлÑÑÑÑнÑÑ
ÑÑÑÑойÑÑваÑ
FitBit <a
-href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
-еÑÑÑ ÑÑзвимоÑÑÑ Bluetooth</a>, позволÑÑÑаÑ
поÑÑлаÑÑ Ð² ÑÑÑÑойÑÑва вÑедоноÑнÑе
-пÑогÑаммÑ, коÑоÑÑе заÑем могÑÑ
ÑаÑпÑоÑÑÑанÑÑÑÑÑ Ð¿Ð¾ компÑÑÑеÑам и дÑÑгим
-ÑÑÑÑойÑÑвам FitBit, Ñ ÐºÐ¾ÑоÑÑми они
взаимодейÑÑвÑÑÑ.
-</p>
-</li>
+ <li id="M201602240">
+ <p id="nissan-modem">Ð Nissan Leaf еÑÑÑ Ð²ÑÑÑоеннÑй
ÑелеÑоннÑй модем, позволÑÑÑий ÑакÑиÑеÑки
комÑ
+Ñгодно <a
+href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">полÑÑаÑÑ
+ÑдаленнÑй доÑÑÑп к компÑÑÑеÑам и вноÑиÑÑ
Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² ÑазлиÑнÑе
+наÑÑÑойки</a>.</p>
-<li>
-<p>
-“СамоÑиÑÑÑÑÑиеÑÑ” жеÑÑкие диÑки
ÑиÑÑÑÑÑ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð½ÐµÑвободнÑÑ
-внÑÑÑенниÑ
пÑогÑамм, Ñак ÑÑо Ð²Ñ Ð½Ðµ можеÑе
им довеÑÑÑÑ. У диÑков “My
-Passport” компании Western Digital <a
-href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">еÑÑÑ
-ÑеÑнÑй Ñ
од</a>.
-</p>
-</li>
+ <p>ÐÑо неÑÑÑдно поÑомÑ, ÑÑо в ÑиÑÑеме неÑ
пÑовеÑки подлинноÑÑи полÑзоваÑÐµÐ»Ñ Ð¿Ñи
+доÑÑÑпе по модемÑ. Ðднако даже еÑли бÑ
модем пÑоводил пÑовеÑкÑ, нелÑÐ·Ñ Ð±Ñло
+Ð±Ñ Ð±ÑÑÑ ÑвеÑеннÑми, ÑÑо Ñ Nissan Ð½ÐµÑ Ð´Ð¾ÑÑÑпа.
ÐÑогÑÐ°Ð¼Ð¼Ñ Ð² авÑомобиле
+неÑвободнÑ, <a
href="/philosophy/free-software-even-more-important.html">ÑÑо
+знаÑиÑ, они ÑÑебÑÑÑ Ð¾Ñ Ð¿Ð¾Ð»ÑзоваÑелей
Ñлепой веÑÑ</a>.</p>
-<li>
-<p>
-Ð Mac OS X <a
-href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
-в ÑеÑение 4 Ð»ÐµÑ Ð¿ÑеднамеÑенно ÑоÑ
ÑанÑлÑÑ ÑеÑнÑй Ñ
од</a>, коÑоÑÑм
-взломÑики могли воÑполÑзоваÑÑÑÑ, ÑÑобÑ
полÑÑиÑÑ Ð¿Ñава админиÑÑÑаÑоÑа.
-</p>
-</li>
+ <p>Ðаже еÑли никÑо не подклÑÑаеÑÑÑ Ðº
авÑÐ¾Ð¼Ð¾Ð±Ð¸Ð»Ñ Ð½Ð° ÑаÑÑÑоÑнии, модем ÑоÑовой
+ÑвÑзи позволÑÐµÑ ÑелеÑонной компании
поÑÑоÑнно оÑÑлеживаÑÑ Ð¿ÐµÑемеÑениÑ
+авÑомобилÑ; Ñ
оÑÑ Ð¼Ð¾Ð¶Ð½Ð¾ ÑизиÑеÑки ÑдалиÑÑ
модем ÑоÑовой ÑвÑзи.</p>
+ </li>
+
+ <li id="M201510210">
+ <p><a
+href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">ÑÑзвимоÑÑÑ
+Bluetooth</a>, позволÑÑÑÐ°Ñ Ð¿Ð¾ÑÑлаÑÑ Ð² ÑÑÑÑойÑÑва
вÑедоноÑнÑе пÑогÑаммÑ,
+коÑоÑÑе заÑем могÑÑ ÑаÑпÑоÑÑÑанÑÑÑÑÑ Ð¿Ð¾
компÑÑÑеÑам и дÑÑгим ÑÑÑÑойÑÑвам
+FitBit, Ñ ÐºÐ¾ÑоÑÑми они взаимодейÑÑвÑÑÑ.</p>
+ </li>
+
+ <li id="M201510200">
+ <p>“СамоÑиÑÑÑÑÑиеÑÑ” жеÑÑкие диÑки
ÑиÑÑÑÑÑ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð½ÐµÑвободнÑÑ
+внÑÑÑенниÑ
пÑогÑамм, Ñак ÑÑо Ð²Ñ Ð½Ðµ можеÑе
им довеÑÑÑÑ. <a
+href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">У
+диÑков “My Passport” компании Western Digital
еÑÑÑ ÑеÑнÑй
+Ñ
од</a>.</p>
+ </li>
-<li>
-<p>СпеÑиалиÑÑÑ Ð¿Ð¾ безопаÑноÑÑи обнаÑÑжили <a
+ <li id="M201508120">
+ <p>СпеÑиалиÑÑÑ Ð¿Ð¾ безопаÑноÑÑи
обнаÑÑжили <a
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
ÑÑзвимоÑÑÑ Ð² диагноÑÑиÑеÑкиÑ
ÑÑÑÑойÑÑваÑ
,
пÑименÑемÑÑ
Ð´Ð»Ñ ÑÑÑаÑ
Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸
оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð¼Ð°ÑÑÑÑÑов</a>, коÑоÑаÑ
позволÑла им полÑÑиÑÑ ÑдаленнÑй конÑÑолÑ
-над авÑомобилÑми поÑÑедÑÑвом SMS.
-</p>
-</li>
+над авÑомобилÑми поÑÑедÑÑвом SMS.</p>
+ </li>
-<li>
-<p>
-ÐзломÑикам ÑдалоÑÑ <a
+ <li id="M201507214">
+ <p>ÐзломÑикам ÑдалоÑÑ <a
href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">
-полÑÑиÑÑ ÑдаленнÑй конÑÑÐ¾Ð»Ñ Ð½Ð°Ð´ джипом</a>
“Ñ Ñоединением”.
-<br/>Ðни могли ÑледиÑÑ Ð·Ð° авÑомобилем,
запÑÑкаÑÑ Ð¸ оÑÑанавливаÑÑ Ð´Ð²Ð¸Ð³Ð°ÑелÑ,
-вклÑÑаÑÑ Ð¸ вÑклÑÑаÑÑ ÑоÑмоз, а Ñакже
многое дÑÑгое.
-</p>
-<p>
-Я дÑмаÑ, ÑÑо ÐÑайÑÐ»ÐµÑ Ð¸ ÐÐÐ Ñоже ÑÑо могÑÑ.
-</p>
-<p>
-ÐÑли Ñ Ð¼ÐµÐ½Ñ ÐºÐ¾Ð³Ð´Ð°-нибÑÐ´Ñ Ð±ÑÐ´ÐµÑ Ð¼Ð°Ñина и в
ней бÑÐ´ÐµÑ Ð¼Ð¾Ð±Ð¸Ð»ÑнÑй ÑелеÑон, Ñ ÐµÐ³Ð¾
-вÑклÑÑÑ.
-</p>
-</li>
+полÑÑиÑÑ ÑдаленнÑй конÑÑÐ¾Ð»Ñ Ð½Ð°Ð´ джипом</a>
“Ñ Ñоединением”.</p>
-<li>
-<p>
-ÐнÑÑзионнÑе наÑоÑÑ Hospira, пÑименÑемÑе длÑ
ввода болÑнÑм лекаÑÑÑв, бÑли
+ <p>Я дÑмаÑ, ÑÑо ÐÑайÑÐ»ÐµÑ Ð¸ ÐÐÐ Ñоже ÑÑо
могÑÑ.</p>
+
+ <p>ÐÑли Ñ Ð¼ÐµÐ½Ñ ÐºÐ¾Ð³Ð´Ð°-нибÑÐ´Ñ Ð±ÑÐ´ÐµÑ Ð¼Ð°Ñина и
в ней бÑÐ´ÐµÑ Ð¼Ð¾Ð±Ð¸Ð»ÑнÑй ÑелеÑон, Ñ ÐµÐ³Ð¾
+вÑклÑÑÑ.</p>
+ </li>
+
+ <li id="M201506080">
+ <p>Ðз-за плоÑ
ой заÑиÑÑ Ð² инÑÑзионном
наÑоÑе взломÑики могÑÑ Ð¸ÑполÑзоваÑÑ ÐµÐ³Ð¾
+Ð´Ð»Ñ <a
+href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">ÑбийÑÑва
+паÑиенÑов</a>.</p>
+ </li>
+
+ <li id="M201505294">
+ <p><a
+href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
+Ðногие пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð´Ð»Ñ ÑмаÑÑÑонов
пÑименÑÑÑ Ð½ÐµÐ±ÐµÐ·Ð¾Ð¿Ð°ÑнÑе меÑодÑ
+аÑÑенÑиÑикаÑии пÑи Ñ
Ñанении ваÑиÑ
лиÑнÑÑ
даннÑÑ
на ÑдаленнÑÑ
+ÑеÑвеÑаÑ
</a>. ÐÑо подвеÑÐ³Ð°ÐµÑ Ð¾Ð¿Ð°ÑноÑÑи
ÑакÑÑ Ð»Ð¸ÑнÑÑ Ð¸Ð½ÑоÑмаÑиÑ, как адÑеÑа
+ÑлекÑÑонной поÑÑÑ, паÑоли, а Ñакже
медиÑинÑкие даннÑе. ÐоÑколÑÐºÑ Ð¼Ð½Ð¾Ð³Ð¸Ðµ из
+ÑÑиÑ
пÑиложений неÑвободнÑ, ÑÑÑдно, еÑли
вообÑе возможно, ÑзнаÑÑ, какие
+пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð´Ð²ÐµÑÐ¶ÐµÐ½Ñ ÑÑомÑ.</p>
+ </li>
+
+ <li id="M201505050">
+ <p>ÐнÑÑзионнÑе наÑоÑÑ Hospira, пÑименÑемÑе
Ð´Ð»Ñ Ð²Ð²Ð¾Ð´Ð° болÑнÑм лекаÑÑÑв, бÑли
оÑмеÑÐµÐ½Ñ ÑпеÑиалиÑÑом по безопаÑноÑÑи как
“<a
href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">ÑамÑе
плоÑ
о заÑиÑеннÑе ÑеÑевÑе ÑÑÑÑойÑÑва из
вÑеÑ
, какие Ñ ÐºÐ¾Ð³Ð´Ð°-либо
-видел</a>”.
-</p>
-<p>
-Ð ÑлÑÑае некоÑоÑÑÑ
пÑепаÑаÑов ÑÑо даеÑ
злоÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾ÑÑÑ Ð²Ð²ÐµÑÑи
-паÑиенÑÑ ÑмеÑÑелÑнÑÑ Ð´Ð¾Ð·Ñ.
-</p>
-</li>
+видел</a>”.</p>
-<li>
-<p>
-Ðз-за плоÑ
ой заÑиÑÑ Ð² инÑÑзионном наÑоÑе
взломÑики могÑÑ Ð¸ÑполÑзоваÑÑ ÐµÐ³Ð¾
-Ð´Ð»Ñ <a
-href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">ÑбийÑÑва
-паÑиенÑов</a>.
-</p>
-</li>
+ <p>Ð ÑлÑÑае некоÑоÑÑÑ
пÑепаÑаÑов ÑÑо даеÑ
злоÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾ÑÑÑ Ð²Ð²ÐµÑÑи
+паÑиенÑÑ ÑмеÑÑелÑнÑÑ Ð´Ð¾Ð·Ñ.</p>
+ </li>
-<li>
-<p>
-<a
-href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ <li id="M201504090">
+ <p>Ð Mac OS X <a
+href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
+в ÑеÑение 4 Ð»ÐµÑ Ð¿ÑеднамеÑенно ÑоÑ
ÑанÑлÑÑ ÑеÑнÑй Ñ
од</a>, коÑоÑÑм
+взломÑики могли воÑполÑзоваÑÑÑÑ, ÑÑобÑ
полÑÑиÑÑ Ð¿Ñава админиÑÑÑаÑоÑа.</p>
+ </li>
+
+ <li id="M201405190">
+ <p>ÐÑиложение Ð´Ð»Ñ Ð¿ÑедоÑвÑаÑениÑ
“кÑажи лиÑноÑÑи” (доÑÑÑпа к лиÑнÑм
+даннÑм), Ñ
ÑанивÑее даннÑе полÑзоваÑÐµÐ»Ñ Ð½Ð°
оÑобом ÑеÑвеÑе, <a
+href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">бÑло
+вÑклÑÑено ÑазÑабоÑÑиком ÑÑого
пÑиложениÑ</a>, коÑоÑÑй обнаÑÑжил бÑеÑÑ Ð²
+заÑиÑе.</p>
+
+ <p>ÐажеÑÑÑ, ÑÑÐ¾Ñ ÑазÑабоÑÑик
добÑоÑовеÑÑно заÑиÑÐ°ÐµÑ Ð»Ð¸ÑнÑе даннÑе оÑ
ÑÑеÑÑиÑ
+ÑÑоÑон вообÑе, но он не Ð¼Ð¾Ð¶ÐµÑ Ð·Ð°ÑиÑиÑÑ ÑÑи
даннÑе Ð¾Ñ Ð³Ð¾ÑÑдаÑÑÑва. СовÑем
+наобоÑоÑ: пеÑедаÑа ваÑиÑ
даннÑÑ
ÑÑжомÑ
ÑеÑвеÑÑ, еÑли Ð²Ñ Ð½Ðµ ÑиÑÑÑеÑе иÑ
+пÑедваÑиÑелÑно Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑвободнÑÑ
пÑогÑамм, подÑÑÐ²Ð°ÐµÑ Ð²Ð°Ñи пÑава.</p>
+ </li>
+
+ <li id="M201404250">
+ <p>Ðного <a
+href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">болÑниÑного
+обоÑÑÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ Ð·Ð°ÑиÑено паÑÑиво</a>, и ÑÑо
Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ ÑмеÑÑелÑно.</p>
+ </li>
+
+ <li id="M201402210">
+ <p><a
+href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">ÑÑзвимоÑÑÑ
+WhatsApp</a> Ð´ÐµÐ»Ð°ÐµÑ Ð¿Ð¾Ð´ÑлÑÑивание пÑоÑе
пÑоÑÑого.</p>
+ </li>
+
+ <li id="M201312290">
+ <p><a href="http://www.bunniestudios.com/blog/?p=3554"> Ð
некоÑоÑÑÑ
видаÑ
+поÑÑаÑивной памÑÑи еÑÑÑ Ð¿ÑогÑаммÑ,
коÑоÑÑе можно изменÑÑÑ</a>. ÐÑо Ð´ÐµÐ»Ð°ÐµÑ Ð¸Ñ
+ÑÑзвимÑми Ð´Ð»Ñ Ð²Ð¸ÑÑÑов.</p>
+
+ <p>ÐÑ Ð½Ðµ назÑваем ÑÑо “ÑеÑнÑм Ñ
одом”, Ð²ÐµÐ´Ñ Ñо, ÑÑо Ð²Ñ Ð¼Ð¾Ð¶ÐµÑе
+ÑÑÑановиÑÑ Ð½Ð¾Ð²ÑÑ ÑиÑÑÐµÐ¼Ñ Ð½Ð° компÑÑÑеÑ, к
коÑоÑÐ¾Ð¼Ñ Ñ Ð²Ð°Ñ ÐµÑÑÑ ÑизиÑеÑкий
+доÑÑÑп — ÑÑо ноÑмалÑно. Ðднако Ñ ÐºÐ°ÑÑ
памÑÑи не должно бÑÑÑ
+возможноÑÑи ÑакиÑ
изменений.</p>
+ </li>
+
+ <li id="M201312040">
+ <p><a
+href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
+ТеÑÐ¼Ð¸Ð½Ð°Ð»Ñ Ð² меÑÑаÑ
пÑодаж, ÑабоÑаÑÑие под
ÑпÑавлением Windows, бÑли взÑÑÑ
+под конÑÑолÑ</a> и обÑаÑенÑ
злоÑмÑÑленниками в ÑеÑÑ ÑбоÑа номеÑов
кÑедиÑнÑÑ
+каÑÑ ÐºÐ»Ð¸ÐµÐ½Ñов.</p>
+ </li>
+
+ <li id="M201311120">
+ <p><a
+href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
ÐÐÐ Ð¼Ð¾Ð¶ÐµÑ Ð·Ð°Ð³Ð»ÑдÑваÑÑ Ð² даннÑе на
ÑмаÑÑÑонаÑ
, в Ñом ÑиÑле на iPhone, Android
и BlackBerry</a>. ХоÑÑ Ð¿Ð¾Ð´ÑобноÑÑи здеÑÑ Ð½Ðµ
пÑиводÑÑÑÑ, поÑ
оже, ÑÑо ÑабоÑаеÑ
не как ÑнивеÑÑалÑнÑй ÑеÑнÑй Ñ
од, коÑоÑÑй,
как Ð¼Ñ Ð·Ð½Ð°ÐµÐ¼, еÑÑÑ Ð¿Ð¾ÑÑи во вÑеÑ
мобилÑнÑÑ
ÑелеÑонаÑ
. ÐÑо Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ
ÑвÑзано Ñ ÑкÑплÑаÑаÑией ÑазлиÑнÑÑ
оÑибок. <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
-РпÑогÑаммаÑ
ÑадиоаппаÑаÑÑÑÑ ÑелеÑонов
еÑÑÑ Ð¼Ð½Ð¾Ð¶ÐµÑÑво оÑибок</a>.
-</p>
-</li>
-
-<li>
-<p>Ð ÑиÑÑÐµÐ¼Ñ <a
-href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
-“инÑеллекÑÑалÑнÑÑ
домов”</a>,
оказÑваеÑÑÑ, до идиоÑизма легко
-пÑоникнÑÑÑ.</p>
-</li>
-
-<li>
-<p><a
-href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">ÑÑзвимоÑÑÑ
-WhatsApp</a> Ð´ÐµÐ»Ð°ÐµÑ Ð¿Ð¾Ð´ÑлÑÑивание пÑоÑе
пÑоÑÑого.</p>
-</li>
+РпÑогÑаммаÑ
ÑадиоаппаÑаÑÑÑÑ ÑелеÑонов
еÑÑÑ Ð¼Ð½Ð¾Ð¶ÐµÑÑво оÑибок</a>.</p>
+ </li>
-<li>
-<p><a
+ <li id="M201309054">
+ <p><a
+href="http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security">
+NSA ÑаÑÐ¿Ð¾Ð»Ð°Ð³Ð°ÐµÑ Ð»Ð°Ð·ÐµÐ¹ÐºÐ°Ð¼Ð¸ в неÑвободнÑÑ
кÑипÑогÑаÑиÑеÑкиÑ
пÑогÑаммаÑ
</a>. ÐÑ
+не знаем, в какиÑ
именно, но Ð¼Ñ Ð¼Ð¾Ð¶ÐµÐ¼ бÑÑÑ
ÑвеÑенÑ, ÑÑо ÑÑеди ниÑ
еÑÑÑ
+ÑиÑоко пÑименÑемÑе ÑиÑÑемÑ. ÐÑо ÑлÑжиÑ
подÑвеÑждением ÑÐ¾Ð¼Ñ ÑакÑÑ, ÑÑо
+никогда нелÑÐ·Ñ ÑаÑÑÑиÑÑваÑÑ Ð½Ð°
безопаÑноÑÑÑ Ð½ÐµÑвободнÑÑ
пÑогÑамм.</p>
+ </li>
+
+ <li id="M201309050">
+ <p>ФедеÑалÑÐ½Ð°Ñ ÑоÑÐ³Ð¾Ð²Ð°Ñ ÐºÐ¾Ð¼Ð¸ÑÑиÑ
наказала ÐºÐ¾Ð¼Ð¿Ð°Ð½Ð¸Ñ Ð·Ð° пÑоизводÑÑво ÑеÑевÑÑ
+ÐºÐ°Ð¼ÐµÑ Ñ Ñакой Ñлабой заÑиÑой, <a
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
-ФедеÑалÑÐ½Ð°Ñ ÑоÑÐ³Ð¾Ð²Ð°Ñ ÐºÐ¾Ð¼Ð¸ÑÑÐ¸Ñ Ð½Ð°ÐºÐ°Ð·Ð°Ð»Ð°
ÐºÐ¾Ð¼Ð¿Ð°Ð½Ð¸Ñ Ð·Ð° пÑоизводÑÑво ÑеÑевÑÑ
-камеÑ, безопаÑноÑÑÑ ÐºÐ¾ÑоÑÑÑ
бÑла
наÑÑолÑко плоÑ
а, ÑÑо каждÑй легко мог
-глÑдеÑÑ ÑеÑез ниÑ
</a>.
-</p>
-</li>
+ÑÑо каждÑй мог легко глÑдеÑÑ ÑеÑез ниÑ
</a>.</p>
+ </li>
-<li>
-<p><a
-href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
-Ðад некоÑоÑÑми авÑомобилÑнÑми
компÑÑÑеÑÑми можно полÑÑиÑÑ ÐºÐ¾Ð½ÑÑÐ¾Ð»Ñ Ñ
помоÑÑÑ
-вÑедоноÑнÑÑ
пÑогÑамм в ÑайлаÑ
Ñ Ð¼ÑзÑкой</a>.
Ð Ñакже <a
-href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">по
-Ñадио</a>. ÐÑÑгие ÑÐ²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ найÑи <a
-href="http://www.autosec.org/faq.html">на ÑайÑе ЦенÑÑа
авÑомобилÑной
-безопаÑноÑÑи и конÑиденÑиалÑноÑÑи</a>.
-</p>
-</li>
+ <li id="M201308060">
+ <p><a href="http://spritesmods.com/?art=hddhack&page=6">
ÐеÑезапиÑÑваемÑе
+неÑвободнÑе пÑогÑÐ°Ð¼Ð¼Ñ Ð² конÑÑоллеÑаÑ
диÑков могÑÑ Ð·Ð°Ð¼ÐµÐ½ÑÑÑÑÑ Ð½ÐµÑвободной
+пÑогÑаммой</a>. ÐÑо Ð´ÐµÐ»Ð°ÐµÑ Ð»ÑбÑÑ ÑиÑÑемÑ
ÑÑзвимой по оÑноÑÐµÐ½Ð¸Ñ Ðº
+неÑÑÑÑанÑемÑм аÑакам, коÑоÑÑе не
обнаÑÑживаÑÑÑÑ Ð¾Ð±ÑÑнÑм анализом.</p>
+ </li>
-<li>
-<p><a
+ <li id="M201307270">
+ <p> <a
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
ÐолÑÑив конÑÑÐ¾Ð»Ñ Ð½Ð°Ð´ вживленнÑми
медиÑинÑкими ÑÑÑÑойÑÑвами по Ñадио, можно
ÑбиваÑÑ Ð»Ñдей</a>. ÐодÑобноÑÑи Ñм. <a
href="http://www.bbc.co.uk/news/technology-17631838"> на ÑайÑе
Ðи-Ðи-Си</a>
и <a
-href="https://web.archive.org/web/20180203130244/http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">
-в блоге IOActive</a>.
-</p>
-</li>
-
-<li>
-<p>Ðного <a
-href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">болÑниÑного
-обоÑÑÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ Ð·Ð°ÑиÑено паÑÑиво</a>, и ÑÑо
Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ ÑмеÑÑелÑно.
-</p>
-</li>
-
-<li>
-<p><a
-href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
-ТеÑÐ¼Ð¸Ð½Ð°Ð»Ñ Ð² меÑÑаÑ
пÑодаж, ÑабоÑаÑÑие под
ÑпÑавлением Windows, бÑли обÑаÑенÑ
-злоÑмÑÑленниками в ÑеÑÑ ÑбоÑа номеÑов
кÑедиÑнÑÑ
каÑÑ ÐºÐ»Ð¸ÐµÐ½Ñов</a>.
-</p>
-</li>
-
-<li>
-<p>ÐÑиложение Ð´Ð»Ñ Ð¿ÑедоÑвÑаÑÐµÐ½Ð¸Ñ “кÑажи
лиÑноÑÑи” (доÑÑÑпа к лиÑнÑм
-даннÑм), Ñ
ÑанивÑее даннÑе полÑзоваÑÐµÐ»Ñ Ð½Ð°
оÑобом ÑеÑвеÑе, <a
-href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">бÑло
-вÑклÑÑено ÑазÑабоÑÑиком ÑÑого
пÑиложениÑ</a>, коÑоÑÑй обнаÑÑжил бÑеÑÑ Ð²
-заÑиÑе.
-</p>
-
-<p>
-ÐажеÑÑÑ, ÑÑÐ¾Ñ ÑазÑабоÑÑик добÑоÑовеÑÑно
заÑиÑÐ°ÐµÑ Ð»Ð¸ÑнÑе даннÑе Ð¾Ñ ÑÑеÑÑиÑ
-ÑÑоÑон вообÑе, но он не Ð¼Ð¾Ð¶ÐµÑ Ð·Ð°ÑиÑиÑÑ ÑÑи
даннÑе Ð¾Ñ Ð³Ð¾ÑÑдаÑÑÑва. СовÑем
-наобоÑоÑ: пеÑедаÑа ваÑиÑ
даннÑÑ
ÑÑжомÑ
ÑеÑвеÑÑ, еÑли Ð²Ñ Ð½Ðµ ÑиÑÑÑеÑе иÑ
-пÑедваÑиÑелÑно Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑвободнÑÑ
пÑогÑамм, подÑÑÐ²Ð°ÐµÑ Ð²Ð°Ñи пÑава.
-</p>
-</li>
+href="https://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">
+в блоге лабоÑаÑоÑии IOActive</a>.</p>
+ </li>
-<li>
-<p><a href="http://www.bunniestudios.com/blog/?p=3554"> РнекоÑоÑÑÑ
видаÑ
-поÑÑаÑивной памÑÑи еÑÑÑ Ð¿ÑогÑаммÑ,
коÑоÑÑе можно изменÑÑÑ</a>. ÐÑо Ð´ÐµÐ»Ð°ÐµÑ Ð¸Ñ
-ÑÑзвимÑми Ð´Ð»Ñ Ð²Ð¸ÑÑÑов.</p>
-
-<p>ÐÑ Ð½Ðµ назÑваем ÑÑо “ÑеÑнÑм Ñ
одом”,
поÑÐ¾Ð¼Ñ ÑÑо когда Ð²Ñ Ð¿Ð¾Ð»ÑÑаеÑе
-ÑизиÑеÑкий доÑÑÑп к компÑÑÑеÑÑ, вÑ, как
пÑавило, можеÑе ÑÑÑановиÑÑ Ð½Ð° нем
-новÑÑ ÑиÑÑемÑ. Ðднако Ñ ÐºÐ°ÑÑ Ð¿Ð°Ð¼ÑÑи и
дÑÑгиÑ
ноÑиÑелей не должно бÑÑÑ
-возможноÑÑи ÑакиÑ
изменений.</p>
-</li>
-
-<li>
-<p><a href="http://spritesmods.com/?art=hddhack&page=6">
ÐаменÑемÑе
-неÑвободнÑе пÑогÑÐ°Ð¼Ð¼Ñ Ð½Ð° жеÑÑкиÑ
диÑкаÑ
можно запиÑÑваÑÑ Ð½ÐµÑвободной
-пÑогÑаммой</a>. ÐÑо Ð´ÐµÐ»Ð°ÐµÑ ÑиÑÑÐµÐ¼Ñ ÑÑзвимой
Ð´Ð»Ñ Ð¿Ð¾ÑÑÑннÑÑ
аÑак,
-необнаÑÑжимÑÑ
обÑÑнÑми ÑÑедÑÑвами.</p>
-</li>
+ <li id="M201307260">
+ <p>Ð ÑиÑÑÐµÐ¼Ñ <a
+href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
+“инÑеллекÑÑалÑнÑÑ
домов”</a>,
оказÑваеÑÑÑ, до идиоÑизма легко
+пÑоникнÑÑÑ.</p>
+ </li>
-<li>
-<p><a
-href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
-Ðногие пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð´Ð»Ñ ÑмаÑÑÑонов
пÑименÑÑÑ Ð½ÐµÐ±ÐµÐ·Ð¾Ð¿Ð°ÑнÑе меÑодÑ
-аÑÑенÑиÑикаÑии пÑи Ñ
Ñанении ваÑиÑ
лиÑнÑÑ
даннÑÑ
на ÑдаленнÑÑ
ÑеÑвеÑаÑ
.</a>
-ÐÑо подвеÑÐ³Ð°ÐµÑ Ð¾Ð¿Ð°ÑноÑÑи ÑакÑÑ Ð»Ð¸ÑнÑÑ
инÑоÑмаÑиÑ, как адÑеÑа ÑлекÑÑонной
-поÑÑÑ, паÑоли, а Ñакже медиÑинÑкие даннÑе.
ÐоÑколÑÐºÑ Ð¼Ð½Ð¾Ð³Ð¸Ðµ из ÑÑиÑ
-пÑиложений неÑвободнÑ, ÑÑÑдно, еÑли вообÑе
возможно, ÑзнаÑÑ, какие
-пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð´Ð²ÐµÑÐ¶ÐµÐ½Ñ ÑÑомÑ.</p>
-</li>
+ <li id="M201212170">
+ <p id="break-security-smarttv"><a
+href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
+ÐзломÑики наÑли ÑпоÑоб вÑкÑÑÑÑ Ð·Ð°ÑиÑÑ Ð²
“инÑеллекÑÑалÑном”
+ÑелевизоÑе</a> и воÑполÑзоваÑÑÑÑ ÐµÐ³Ð¾
видеокамеÑой, ÑÑÐ¾Ð±Ñ ÑмоÑÑеÑÑ Ð½Ð° лÑдей,
+коÑоÑÑе ÑмоÑÑÑÑ ÑелевизоÑ.</p>
+ </li>
+ <li id="M201103110">
+ <p><a
+href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
+Ðад некоÑоÑÑми авÑомобилÑнÑми
компÑÑÑеÑÑми можно полÑÑиÑÑ ÐºÐ¾Ð½ÑÑÐ¾Ð»Ñ Ñ
помоÑÑÑ
+вÑедоноÑнÑÑ
пÑогÑамм в ÑайлаÑ
Ñ Ð¼ÑзÑкой</a>.
Ð Ñакже <a
+href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">по
+Ñадио</a>. ÐÑÑгие ÑÐ²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ найÑи <a
+href="http://www.autosec.org/faq.html">на ÑайÑе ЦенÑÑа
авÑомобилÑной
+безопаÑноÑÑи и конÑиденÑиалÑноÑÑи</a>.</p>
+ </li>
</ul>
+
<div class="translators-notes">
<!--TRANSLATORS: Use space (SPC) as msgstr if you don't have notes.-->
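Review bot: link pinning is inconsistent within this hunk. The Spiegel reference in the M201311120 entry now points at a web.archive.org snapshot, while the IOActive reference in M201307270 goes the other way, from the 20180203130244 snapshot to the live https://blog.ioactive.com/ URL. Please confirm that the live IOActive page resolves and still carries the same article, or keep the archived form so the citation cannot silently change. Separately, the re-added M201312040 (arstechnica.com) and M201309054 (theguardian.com) entries keep plain http:// hrefs. If those hosts serve the same pages over https, the upgrade should be made in the source the page is generated from rather than in this file. Finally, the hunk mixes reordering by id with content edits (for example, the closing </a> in the point-of-sale entry now ends earlier in the sentence), which makes it hard to verify that the other entries moved unchanged. A reorder-only revision followed by a content revision would be easier to audit.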
@@ -636,7 +648,7 @@
<p class="unprintable"><!-- timestamp start -->
Ðбновлено:
-$Date: 2018/09/18 17:27:38 $
+$Date: 2018/09/26 18:28:11 $
<!-- timestamp end -->
</p>
Index: po/proprietary-insecurity.ru-en.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-insecurity.ru-en.html,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -b -r1.57 -r1.58
--- po/proprietary-insecurity.ru-en.html 18 Sep 2018 17:27:39 -0000
1.57
+++ po/proprietary-insecurity.ru-en.html 26 Sep 2018 18:28:12 -0000
1.58
@@ -1,5 +1,10 @@
<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.84 -->
+<!--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Generated from propr-blurbs.rec. Please do not edit this file manually !
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-->
<title>Proprietary Insecurity
- GNU Project - Free Software Foundation</title>
<!--#include virtual="/proprietary/po/proprietary-insecurity.translist" -->
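Review bot: the new banner names propr-blurbs.rec but does not say where that file lives or how the page is regenerated from it, so a contributor who needs to correct an entry or a reference URL is told not to edit here without being told where to edit instead. Consider adding the path of the .rec file (or a pointer to the generation instructions) to the comment. Minor style point: drop the space before the "!" in "manually !".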
@@ -40,492 +45,528 @@
to inform us. Please include the URL of a trustworthy reference or two
to present the specifics.</p>
-<ul>
-<li>
- <p>Some Samsung phones
- randomly <a
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">send
+<ul class="blurbs">
+ <li id="M201809240">
+ <p>Researchers have discovered how to <a
+
href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co">
+ hide voice commands in other audio</a>, so that people cannot hear
+ them, but Alexa and Siri can.</p>
+ </li>
+
+ <li id="M201808120">
+ <p>Crackers found a way to break the security of an Amazon device,
+ and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
+ turn it into a listening device</a> for them.</p>
+
+ <p>It was very difficult for them to do this. The job would be much
+ easier for Amazon. And if some government such as China or the US
+ told Amazon to do this, or cease to sell the product in that country,
+ do you think Amazon would have the moral fiber to say no?</p>
+
+ <p>These crackers are probably hackers too, but please <a
+ href="https://stallman.org/articles/on-hacking.html"> don't use
+ “hacking” to mean “breaking security”</a>.</p>
+ </li>
+
+ <li id="M201807100">
+ <p>Siri, Alexa, and all the other voice-control systems can be <a
+
href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">
+ hijacked by programs that play commands in ultrasound that humans
+ can't hear</a>.</p>
+ </li>
+
+ <li id="M201807020">
+ <p>Some Samsung phones randomly <a
+
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">send
photos to people in the owner's contact list</a>.</p>
-</li>
-<li>
- <p>One of the dangers of the “internet of stings” is that, if
- you lose your internet service, you also <a
-href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/">
+ </li>
+
+ <li id="M201712240">
+ <p>One of the dangers of the “internet of stings”
+ is that, if you lose your internet service, you also <a
+
href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/">
lose control of your house and appliances</a>.</p>
- <p>For your safety, don't use any appliance with a connection to the real
- internet.</p>
-</li>
-<li>
- <p>Amazon recently invited consumers to be suckers and <a
-href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
- allow delivery staff to open their front doors</a>. Wouldn't you know it,
- the system has a grave security flaw.</p>
-</li>
-<li>
+
+ <p>For your safety, don't use any appliance with a connection to the
+ real internet.</p>
+ </li>
+
+ <li id="M201711204">
<p>Intel's intentional “management engine” back door has <a
-href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/">
+
href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/">
unintended back doors</a> too.</p>
-</li>
-<li>
- <p>Bad security in some cars makes it possible
- to <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937">
+ </li>
+
+ <li id="M201711200">
+ <p>Amazon recently invited consumers to be suckers and <a
+
href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
+ allow delivery staff to open their front doors</a>. Wouldn't you know
+ it, the system has a grave security flaw.</p>
+ </li>
+
+ <li id="M201709290">
+ <p>Bad security in some cars makes it possible to <a
+ href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937">
remotely activate the airbags</a>.</p>
-</li>
-<li>
- <p>A “smart” intravenous pump designed for
- hospitals is connected to the internet. Naturally <a
-href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
+ </li>
+
+ <li id="M201709200">
+ <p>A “smart” intravenous pump
+ designed for hospitals is connected to the internet. Naturally <a
+
href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
its security has been cracked</a>.</p>
+
<p>Note that this article misuses the term <a
-href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>
+ href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>
referring to crackers.</p>
-</li>
-<li>
- <p>The bad security in many Internet of Stings devices
- allows <a
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ </li>
+
+ <li id="M201708280">
+ <p>The bad security in many Internet of Stings devices allows <a
+
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
to snoop on the people that use them</a>.</p>
+
<p>Don't be a sucker—reject all the stings.</p>
+
<p>It is unfortunate that the article uses the term <a
- href="/philosophy/words-to-avoid.html#Monetize">
- “monetize”</a>.</p>
-</li>
-<li>
- <p>Siri, Alexa, and all the other voice-control systems can be
- <a
-href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">
- hijacked by programs that play commands in ultrasound that humans can't
- hear</a>.</p>
-</li>
+
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p>
+ </li>
-<li id="break-security-smarttv">
- <p><a
-
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
- Crackers found a way to break security on a “smart” TV</a>
and use its camera
- to watch the people who are watching TV.</p>
-</li>
-<li>
+ <li id="M201706201">
<p>Many models of Internet-connected cameras <a
href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor">
have backdoors</a>.</p>
- <p>That is a malicious functionality, but in addition it is a gross
- insecurity since anyone, including malicious crackers, <a
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can
find those accounts and use them to get into
- users' cameras</a>.</p>
-
-</li>
-
-<li>
- <p>
- Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
- pre-installed on 28 models of HP laptops logged the user's
- keystroke to a file in the filesystem. Any process with access to
- the filesystem or the MapViewOfFile API could gain access to the
- log. Furthermore, <a
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according
- to modzero</a> the “information-leak via Covert Storage
- Channel enables malware authors to capture keystrokes without
- taking the risk of being classified as malicious task by AV
- heuristics”.
- </p>
-</li>
-<li>
-<p>The proprietary code that runs pacemakers, insulin pumps, and other
-medical devices is <a href="http://www.bbc.co.uk/news/technology-40042584">
-full of gross security faults</a>.</p>
-</li>
-
-
-<li>
- <p>Exploits of bugs in Windows, which were developed by the NSA
- and then leaked by the Shadowbrokers group, are now being used to
- <a
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
a great number
- of Windows computers with ransomware</a>.
- </p>
-</li>
-
-<li id="intel-me-10-year-vulnerability">
- <p>Intel's CPU backdoor—the Intel Management Engine—had a
- <a
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major
security
- vulnerability for 10 years</a>.</p>
-
- <p>The vulnerability allowed a cracker to access the computer's Intel Active
- Management Technology
- (AMT) <a
href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">
+ <p>That is a malicious functionality, but in addition it
+ is a gross insecurity since anyone, including malicious crackers, <a
+
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can
+ find those accounts and use them to get into users' cameras</a>.</p>
+ </li>
+
+ <li id="M201706050">
+ <p id="intel-me-10-year-vulnerability">Intel's
+ CPU backdoor—the Intel Management Engine—had a <a
+
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major
+ security vulnerability for 10 years</a>.</p>
+
+ <p>The vulnerability allowed a cracker to access
+ the computer's Intel Active Management Technology (AMT) <a
+
href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">
web interface with an empty password and gave administrative
- access</a> to access the computer's keyboard, mouse, monitor
- among other privileges.</p>
+ access</a> to access the computer's keyboard, mouse, monitor among
+ other privileges.</p>
<p>It does not help that in newer Intel processors, it is impossible
to turn off the Intel Management Engine. Thus, even users who are
proactive about their security can do nothing to protect themselves
besides using machines that don't come with the backdoor.</p>
+ </li>
-</li>
+ <li id="M201705250">
+ <p>The proprietary code that runs pacemakers,
+ insulin pumps, and other medical devices is <a
+ href="http://www.bbc.co.uk/news/technology-40042584"> full of gross
+ security faults</a>.</p>
+ </li>
+
+ <li id="M201705160">
+ <p>Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
+ pre-installed on 28 models of HP laptops logged the user's keystroke
+ to a file in the filesystem. Any process with access to the filesystem
+ or the MapViewOfFile API could gain access to the log. Furthermore, <a
+
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according
+ to modzero</a> the “information-leak via Covert Storage Channel
+ enables malware authors to capture keystrokes without taking the risk
+ of being classified as malicious task by AV heuristics”.</p>
+ </li>
-<li>
- <p>Many Android devices <a
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
+ <li id="M201705120">
+ <p>Exploits of bugs in Windows, which were developed by the NSA
+ and then leaked by the Shadowbrokers group, are now being used to <a
+
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
+ a great number of Windows computers with ransomware</a>.</p>
+ </li>
+
+ <li id="M201704050">
+ <p>Many Android devices <a
+
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
can be hijacked through their Wi-Fi chips</a> because of a bug in
Broadcom's non-free firmware.</p>
-</li>
+ </li>
+
+ <li id="M201703270">
+ <p>When Miele's Internet of
+ Stings hospital disinfectant dishwasher is <a
+
href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">
+ connected to the Internet, its security is crap</a>.</p>
+
+ <p>For example, a cracker can gain access to the dishwasher's
+ filesystem, infect it with malware, and force the dishwasher to launch
+ attacks on other devices in the network. Since these dishwashers are
+ used in hospitals, such attacks could potentially put hundreds of
+ lives at risk.</p>
+ </li>
+
+ <li id="M201702200">
+ <p>If you buy a used “smart”
+ car, house, TV, refrigerator, etc., usually <a
+
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
+ previous owners can still remotely control it</a>.</p>
+ </li>
+
+ <li id="M201702170">
+ <p>The mobile apps for communicating <a
+
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with
+ a smart but foolish car have very bad security</a>.</p>
+
+ <p>This is in addition to the fact that the car contains a cellular
+ modem that tells big brother all the time where it is. If you own
+ such a car, it would be wise to disconnect the modem so as to turn
+ off the tracking.</p>
+ </li>
+
+ <li id="M201701270">
+ <p>Samsung phones <a
+
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have
+ a security hole that allows an SMS message to install
+ ransomware</a>.</p>
+ </li>
+
+ <li id="M201701130">
+ <p>WhatsApp has a feature that <a
+
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
+ has been described as a “back door”</a> because it would
+ enable governments to nullify its encryption.</p>
-<li>
-<p>When Miele's Internet of Stings hospital disinfectant dishwasher is <a
-href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">
-connected to the Internet, its security is crap</a>.</p>
-
-<p>For example, a cracker can gain access to the dishwasher's filesystem,
-infect it with malware, and force the dishwasher to launch attacks on other
-devices in the network. Since these dishwashers are used in hospitals, such
-attacks could potentially put hundreds of lives at risk.</p>
-
-</li>
-<li><p>WhatsApp has a feature that
- <a
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
- has been described as a “back door”</a>
- because it would enable governments to nullify its encryption.</p>
<p>The developers say that it wasn't intended as a back door, and that
may well be true. But that leaves the crucial question of whether it
functions as one. Because the program is nonfree, we cannot check by
- studying it.</p></li>
+ studying it.</p>
+ </li>
-<li>
-<p>The “smart” toys My Friend Cayla and i-Que can be
-<a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely
controlled with a mobile phone</a>; physical access
-is not necessary. This would enable crackers to listen in on a child's
-conversations, and even speak into the toys themselves.</p>
-
-<p>This means a burglar could speak into the toys and ask the child to
-unlock the front door while Mommy's not looking.</p>
-</li>
-
-<li>
-<p>The mobile apps for
-communicating <a
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with
-a smart but foolish car have very bad security</a>.</p>
-
-<p>This is in addition to the fact that the car contains a cellular
-modem that tells big brother all the time where it is. If you own
-such a car, it would be wise to disconnect the modem so as to turn off
-the tracking.</p>
-</li>
-
-<li>
-<p>If you buy a used “smart” car, house, TV, refrigerator,
-etc.,
-usually <a
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
-previous owners can still remotely control it</a>.</p>
-</li>
-
-<li>
-<p>Samsung
-phones <a
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have
-a security hole that allows an SMS message to install
-ransomware</a>.</p>
-</li>
-
-<li>
-<p>4G LTE phone networks are drastically insecure. They can be
-<a
href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">
-taken
-over by third parties and used for man-in-the-middle attacks</a>.</p>
-</li>
-
-<li>
-<p>Due to weak security, <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
-is easy to open the doors of 100 million cars built by Volkswagen</a>.</p>
-</li>
-
-<li>
-<p>Ransomware <a
-href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/">
-has been developed for a thermostat that uses proprietary software</a>.</p>
-</li>
-
-<li>
-<p>A <a
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
in
-Internet Explorer and Edge</a> allows an attacker to retrieve
-Microsoft account credentials, if the user is tricked into visiting a
-malicious link.</p>
-</li>
-
-<li>
-<p><a
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted”
-WhatsApp messages are not entirely deleted</a>. They can be recovered
-in various ways.
-</p>
-</li>
+ <li id="M201612061">
+ <p>The “smart” toys My Friend Cayla and i-Que can be <a
+
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely
+ controlled with a mobile phone</a>; physical access is not
+ necessary. This would enable crackers to listen in on a child's
+ conversations, and even speak into the toys themselves.</p>
+
+ <p>This means a burglar could speak into the toys and ask the child
+ to unlock the front door while Mommy's not looking.</p>
+ </li>
+
+ <li id="M201610230">
+ <p>4G LTE phone networks are drastically insecure. They can be <a
+
href="https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">
+ taken over by third parties and used for man-in-the-middle
+ attacks</a>.</p>
+ </li>
+
+ <li id="M201608110">
+ <p>Due to weak security, <a
+
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
+ is easy to open the doors of 100 million cars built by
+ Volkswagen</a>.</p>
+ </li>
+
+ <li id="M201608080">
+ <p>Ransomware <a
+
href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/">
+ has been developed for a thermostat that uses proprietary
+ software</a>.</p>
+ </li>
+
+ <li id="M201608020">
+ <p>A <a
+
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
+ in Internet Explorer and Edge</a> allows an attacker to retrieve
+ Microsoft account credentials, if the user is tricked into visiting
+ a malicious link.</p>
+ </li>
-<li>
-<p>A vulnerability in Apple's Image I/O API allowed an attacker to
-<a
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute
+ <li id="M201607290">
+ <p><a
+
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted”
+ WhatsApp messages are not entirely deleted</a>. They can be recovered
+ in various ways.</p>
+ </li>
+
+ <li id="M201607220">
+ <p>A vulnerability in Apple's Image I/O API allowed an attacker to <a
+
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute
malicious code from any application which uses this API to render a
certain kind of image file</a>.</p>
-</li>
-<li>
-<p>A bug in a proprietary ASN.1 library, used in cell phone towers as
-well as cell phones and
-routers, <a
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows
-taking control of those systems</a>.</p>
-</li>
-
-<li>
-<p>Antivirus programs have so many errors
- that <a
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">they
- may make security worse</a>.</p>
-<p>GNU/Linux does not need antivirus software.</p>
-</li>
-
-<li>
-<p>Over 70 brands of network-connected surveillance
-cameras <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">have
-security bugs that allow anyone to watch through them</a>.</p>
-</li>
-
-<li>
-<p>
-Samsung's “Smart Home” has a big security
-hole; <a
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">unauthorized
-people can remotely control it</a>.</p>
-
-<p>Samsung claims that this is an “open” platform so the
-problem is partly the fault of app developers. That is clearly true if
-the apps are proprietary software.</p>
-
-<p>Anything whose name is “Smart” is most likely going to
-screw you.</p>
-</li>
-
-<li>
-<p>
-The Nissan Leaf has a built-in cell phone modem which allows
-effectively
-anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
-access its computers remotely and make changes in various
-settings</a>.</p>
-
-<p>That's easy to do because the system has no authentication when
-accessed through the modem. However, even if it asked for
-authentication, you couldn't be confident that Nissan has no
-access. The software in the car is
-proprietary, <a href="/philosophy/free-software-even-more-important.html">which
-means it demands blind faith from its users</a>.</p>
-
-<p>Even if no one connects to the car remotely, the cell phone modem
-enables the phone company to track the car's movements all the time;
-it is possible to physically remove the cell phone modem though.</p>
-</li>
-
-<li>
-<p>
-Malware found
-on <a
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">security
-cameras available through Amazon</a>.
-</p>
-
-<p>A camera that records locally on physical media, and has no network
- connection, does not threaten people with surveillance—neither by
- watching people through the camera, nor through malware in the camera.
-</p>
-</li>
-
-<li>
-<p>A bug in the iThings Messages
-app <a
href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed
-a malicious web site to extract all the user's messaging history</a>.
-</p>
-</li>
-
-<li>
-<p>Many proprietary payment apps <a
-href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">
-transmit personal data in an insecure way</a>.
-However, the worse aspect of these apps is that
-<a href="/philosophy/surveillance-vs-democracy.html">payment is not
anonymous</a>.
-</p>
-</li>
-
-<li>
-<p>
-FitBit fitness trackers <a
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
-have a Bluetooth vulnerability</a> that allows
-attackers to send malware to the devices, which can subsequently spread
-to computers and other FitBit trackers that interact with them.
-</p>
-</li>
+ </li>
-<li>
-<p>
-“Self-encrypting” disk drives do the encryption with proprietary
-firmware so you can't trust it. Western Digital's “My Passport”
-drives
-<a
href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have
a back door</a>.
-</p>
-</li>
-
-<li>
-<p>
-Mac OS X had an
-<a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
-intentional local back door for 4 years</a>, which could be
-exploited by attackers to gain root privileges.
-</p>
-</li>
-
-<li>
-<p>Security researchers discovered a
-<a
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
-vulnerability in diagnostic dongles used for vehicle tracking and
-insurance</a> that let them take remote control of a car or
-lorry using an SMS.
-</p>
-</li>
-
-<li>
-<p>
-Crackers were able to
-<a
href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">take
remote control of the Jeep</a>
-“connected car”.
-<br/>They could track the car, start or stop the engine, and
-activate or deactivate the brakes, and more.
-</p>
-<p>
-I expect that Chrysler and the NSA can do this too.
-</p>
-<p>
-If I ever own a car, and it contains a portable phone, I will
-deactivate that.
-</p>
-</li>
-
-<li>
-<p>
-Hospira infusion pumps, which are used to administer drugs to
-a patient, were rated
-“<a
-href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least
-secure IP device I've ever seen</a>”
-by a security researcher.
-</p>
-<p>
-Depending on what drug is being infused, the insecurity could
-open the door to murder.
-</p>
-</li>
-
-<li>
-<p>
-Due to bad security in a drug pump, crackers could use it to
-<a
href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">kill
patients</a>.
-</p>
-</li>
-
-<li>
-<p>
-<a
href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
-The NSA can tap data in smart phones, including iPhones, Android, and
-BlackBerry</a>. While there is not much detail here, it seems that
-this does not operate via the universal back door that we know nearly
-all portable phones have. It may involve exploiting various bugs.
-There
-are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
-lots of bugs in the phones' radio software</a>.
-</p>
-</li>
-
-<li>
-<p><a
href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
-“Smart homes”</a> turn out to be stupidly vulnerable to
-intrusion.</p>
-</li>
-
-<li>
-<p>The
-<a
href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity
of WhatsApp</a>
-makes eavesdropping a snap.</p>
-</li>
-
-<li>
-<p><a
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
-The FTC punished a company for making webcams with bad security so
-that it was easy for anyone to watch them</a>.
-</p>
-</li>
+ <li id="M201607190">
+ <p>A bug in a proprietary ASN.1 library, used
+ in cell phone towers as well as cell phones and routers, <a
+
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows
+ taking control of those systems</a>.</p>
+ </li>
+
+ <li id="M201606290">
+ <p>Antivirus programs have so many errors that <a
+
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">they
+ may make security worse</a>.</p>
-<li>
-<p><a
href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
-It is possible to take control of some car computers through malware
-in music files</a>.
-Also <a href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">by
-radio</a>. Here is <a href="http://www.autosec.org/faq.html">more
-information</a>.
-</p>
-</li>
+ <p>GNU/Linux does not need antivirus software.</p>
+ </li>
-<li>
-<p><a
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
-It is possible to kill people by taking control of medical implants by
-radio</a>. Here
-is <a href="http://www.bbc.co.uk/news/technology-17631838">more
-information</a>. And <a
-href="https://web.archive.org/web/20180203130244/http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">here</a>.
-</p>
-</li>
+ <li id="M201605020">
+ <p>Samsung's “Smart Home” has a big security hole; <a
+
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">
+ unauthorized people can remotely control it</a>.</p>
+
+ <p>Samsung claims that this is an “open” platform so the
+ problem is partly the fault of app developers. That is clearly true
+ if the apps are proprietary software.</p>
+
+ <p>Anything whose name is “Smart” is most likely going
+ to screw you.</p>
+ </li>
+
+ <li id="M201604120">
+ <p>A bug in the iThings Messages app <a
+
href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed
+ a malicious web site to extract all the user's messaging
+ history</a>.</p>
+ </li>
+
+ <li id="M201604110">
+ <p>Malware was found on <a
+
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">
+ security cameras available through Amazon</a>.</p>
+
+ <p>A camera that records locally on physical media, and has no network
+ connection, does not threaten people with surveillance—neither
+ by watching people through the camera, nor through malware in the
+ camera.</p>
+ </li>
+
+ <li id="M201603220">
+ <p>Over 70 brands of network-connected surveillance cameras have <a
+
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
+ security bugs that allow anyone to watch through them</a>.</p>
+ </li>
+
+ <li id="M201603100">
+ <p>Many proprietary payment apps <a
+
href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">transmit
+ personal data in an insecure way</a>. However,
+ the worse aspect of these apps is that <a
+ href="/philosophy/surveillance-vs-democracy.html">payment is not
+ anonymous</a>.</p>
+ </li>
+
+ <li id="M201602240">
+ <p id="nissan-modem">The Nissan Leaf has a built-in
+ cell phone modem which allows effectively anyone <a
+ href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+ access its computers remotely and make changes in various
+ settings</a>.</p>
+
+ <p>That's easy to do because the system has no authentication
+ when accessed through the modem. However, even if it asked
+ for authentication, you couldn't be confident that Nissan
+ has no access. The software in the car is proprietary, <a
+ href="/philosophy/free-software-even-more-important.html">which means
+ it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects to the car remotely, the cell phone modem
+ enables the phone company to track the car's movements all the time;
+ it is possible to physically remove the cell phone modem, though.</p>
+ </li>
+
+ <li id="M201510210">
+ <p>FitBit fitness trackers have a <a
+
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
+ Bluetooth vulnerability</a> that allows attackers to send malware
+ to the devices, which can subsequently spread to computers and other
+ FitBit trackers that interact with them.</p>
+ </li>
+
+ <li id="M201510200">
+ <p>“Self-encrypting” disk drives
+ do the encryption with proprietary firmware so you
+ can't trust it. Western Digital's “My Passport” drives <a
+
href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">
+ have a back door</a>.</p>
+ </li>
+
+ <li id="M201508120">
+ <p>Security researchers discovered a <a
+
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
+ vulnerability in diagnostic dongles used for vehicle tracking and
+ insurance</a> that let them take remote control of a car or lorry
+ using an SMS.</p>
+ </li>
+
+ <li id="M201507214">
+ <p>Crackers were able to <a
+
href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">
+ take remote control of the Jeep</a> “connected car”. They
+ could track the car, start or stop the engine, and activate or
+ deactivate the brakes, and more.</p>
+
+ <p>I expect that Chrysler and the NSA can do this too.</p>
+
+ <p>If I ever own a car, and it contains a portable phone, I will
+ deactivate that.</p>
+ </li>
+
+ <li id="M201506080">
+ <p>Due to bad security in a drug pump, crackers could use it to <a
+
href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">
+ kill patients</a>.</p>
+ </li>
-<li>
-<p>Lots of <a
href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">hospital
equipment has lousy security</a>, and it can be fatal.
-</p>
-</li>
+ <li id="M201505294">
+ <p><a
+
href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
+ Many smartphone apps use insecure authentication methods when storing
+ your personal data on remote servers</a>. This leaves personal
+ information like email addresses, passwords, and health information
+ vulnerable. Because many of these apps are proprietary it makes it
+ hard to impossible to know which apps are at risk.</p>
+ </li>
+
+ <li id="M201505050">
+ <p>Hospira infusion pumps, which are used
+ to administer drugs to a patient, were rated “<a
+
href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least
+ secure IP device I've ever seen</a>” by a security
+ researcher.</p>
+
+ <p>Depending on what drug is being infused, the insecurity could open
+ the door to murder.</p>
+ </li>
+
+ <li id="M201504090">
+ <p>Mac OS X had an <a
+
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
+ intentional local back door for 4 years</a>, which could be exploited
+ by attackers to gain root privileges.</p>
+ </li>
+
+ <li id="M201405190">
+ <p>An app to prevent “identity theft”
+ (access to personal data) by storing users' data on a special server <a
+
href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was
+ deactivated by its developer</a> which had discovered a security
+ flaw.</p>
+
+ <p>That developer seems to be conscientious about protecting personal
+ data from third parties in general, but it can't protect that data
+ from the state. Quite the contrary: confiding your data to someone
+ else's server, if not first encrypted by you with free software,
+ undermines your rights.</p>
+ </li>
+
+ <li id="M201404250">
+ <p>Lots of <a
+ href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">
+ hospital equipment has lousy security</a>, and it can be fatal.</p>
+ </li>
+
+ <li id="M201402210">
+ <p>The <a
+
href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity
+ of WhatsApp</a> makes eavesdropping a snap.</p>
+ </li>
+
+ <li id="M201312290">
+ <p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some flash
+ memories have modifiable software</a>, which makes them vulnerable
+ to viruses.</p>
+
+ <p>We don't call this a “back door” because it is normal
+ that you can install a new system in a computer, given physical access
+ to it. However, memory sticks and cards should not be modifiable in
+ this way.</p>
+ </li>
-<li>
-<p><a
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
-Point-of-sale terminals running Windows were taken over and turned
-into a botnet for the purpose of collecting customers' credit card
-numbers</a>.
-</p>
-</li>
+ <li id="M201312040">
+ <p><a
+
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
+ Point-of-sale terminals running Windows were taken over</a> and
+ turned into a botnet for the purpose of collecting customers' credit
+ card numbers.</p>
+ </li>
-<li>
-<p>An app to prevent “identity theft” (access to personal data)
-by storing users' data on a special server
-<a
href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was
-deactivated by its developer</a> which had discovered a security flaw.
-</p>
+ <li id="M201311120">
+ <p><a
+
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones,
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
+ phones have. It may involve exploiting various bugs. There are <a
+
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in the phones' radio software</a>.</p>
+ </li>
-<p>
-That developer seems to be conscientious about protecting personal
-data from third parties in general, but it can't protect that data
-from the state. Quite the contrary: confiding your data to someone
-else's server, if not first encrypted by you with free software,
-undermines your rights.
-</p>
-</li>
+ <li id="M201309054">
+ <p><a
+
href="http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security">The
+ NSA has put back doors into nonfree encryption software</a>. We don't
+ know which ones they are, but we can be sure they include some widely
+ used systems. This reinforces the point that you can never trust
+ the security of nonfree software.</p>
+ </li>
+
+ <li id="M201309050">
+ <p>The FTC punished a company for making webcams with <a
+
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
+ bad security so that it was easy for anyone to watch through
+ them</a>.</p>
+ </li>
+
+ <li id="M201308060">
+ <p><a href="http://spritesmods.com/?art=hddhack&page=6">
+ Replaceable nonfree software in disk drives can be written by a
+ nonfree program</a>. This makes any system vulnerable to persistent
+ attacks that normal forensics won't detect.</p>
+ </li>
+
+ <li id="M201307270">
+ <p> It is possible to <a
+
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
+ kill people by taking control of medical
+ implants by radio</a>. More information in <a
+ href="http://www.bbc.co.uk/news/technology-17631838">BBC
+ News</a> and <a
+
href="https://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">
+ IOActive Labs Research blog</a>.</p>
+ </li>
-<li>
-<p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some flash
-memories have modifiable software</a>, which makes them vulnerable to
-viruses.</p>
-
-<p>We don't call this a “back door” because it is normal
-that you can install a new system in a computer given physical access
-to it. However, memory sticks and cards should not be modifiable in
-this way.</p>
-</li>
-
-<li>
-<p><a href="http://spritesmods.com/?art=hddhack&page=6"> Replaceable
-nonfree software in disk drives can be written by a nonfree
-program.</a> This makes any system vulnerable to persistent attacks
-that normal forensics won't detect.</p>
-</li>
-
-<li>
-<p><a
href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
-Many smartphone apps use insecure authentication methods when storing
-your personal data on remote servers.</a>
-This leaves personal information like email addresses, passwords, and health
information vulnerable. Because many
-of these apps are proprietary it makes it hard to impossible to know which
apps are at risk.</p>
-</li>
+ <li id="M201307260">
+ <p><a
+
href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
+ “Smart homes”</a> turn out to be stupidly vulnerable to
+ intrusion.</p>
+ </li>
+ <li id="M201212170">
+ <p id="break-security-smarttv"><a
+
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
+ Crackers found a way to break security on a “smart” TV</a>
+ and use its camera to watch the people who are watching TV.</p>
+ </li>
+
+ <li id="M201103110">
+ <p>It is possible to <a
+
href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
+ take control of some car computers through malware in music files</a>.
+ Also <a
+ href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">
+ by radio</a>. More information in <a
+ href="http://www.autosec.org/faq.html"> Automotive Security And
+ Privacy Center</a>.</p>
+ </li>
</ul>
+
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
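Review bot: in the added M201603100 item, "the worse aspect of these apps" should read "the worst aspect"; the header comment says this page is generated from propr-blurbs.rec, so the wording has to be corrected there and regenerated, not edited in the HTML. Two smaller points in the same hunk: M201307270 replaces the web.archive.org snapshot of the IOActive post with a live https://blog.ioactive.com/ URL while M201311120 moves the Spiegel link the other way, to a snapshot, so it is worth confirming the live IOActive URL still resolves or keeping the archived one. Also, `<li id="M201212170">` is the only new item not preceded by an empty `+` line, and `<p> It is possible to` in M201307270 carries a stray space after the tag.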
@@ -583,7 +624,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/09/18 17:27:39 $
+$Date: 2018/09/26 18:28:12 $
<!-- timestamp end -->
</p>
</div>
Index: po/proprietary-insecurity.ru.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-insecurity.ru.po,v
retrieving revision 1.188
retrieving revision 1.189
diff -u -b -r1.188 -r1.189
--- po/proprietary-insecurity.ru.po 26 Sep 2018 18:07:35 -0000 1.188
+++ po/proprietary-insecurity.ru.po 26 Sep 2018 18:28:12 -0000 1.189
@@ -15,7 +15,6 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Outdated-Since: 2018-09-26 14:26+0000\n"
#. type: Content of: <title>
msgid "Proprietary Insecurity - GNU Project - Free Software Foundation"
@@ -503,12 +502,6 @@
"пока не Ð²Ð¸Ð´Ð¸Ñ Ð¼Ð°Ð¼Ð°."
#. type: Content of: <ul><li><p>
-# || No change detected. The change might only be in amounts of spaces.
-#| msgid ""
-#| "4G LTE phone networks are drastically insecure. They can be <a href="
-#| "\"https://www.theregister.co.uk/2016/10/23/"
-#| "every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/\"> taken "
-#| "over by third parties and used for man-in-the-middle attacks</a>."
msgid ""
"4G LTE phone networks are drastically insecure. They can be <a href="
"\"https://www.theregister.co.uk/2016/10/23/"
@@ -802,14 +795,6 @@
"hospital-drug-pumps/\">ÑбийÑÑва паÑиенÑов</a>."
#. type: Content of: <ul><li><p>
-# || No change detected. The change might only be in amounts of spaces.
-#| msgid ""
-#| "<a href=\"http://phys.org/news/2015-05-app-vulnerability-threatens-"
-#| "millions-users.html\"> Many smartphone apps use insecure authentication "
-#| "methods when storing your personal data on remote servers</a>. This "
-#| "leaves personal information like email addresses, passwords, and health "
-#| "information vulnerable. Because many of these apps are proprietary it "
-#| "makes it hard to impossible to know which apps are at risk."
msgid ""
"<a href=\"http://phys.org/news/2015-05-app-vulnerability-threatens-millions-"
"users.html\"> Many smartphone apps use insecure authentication methods when "
@@ -860,13 +845,6 @@
"воÑполÑзоваÑÑÑÑ, ÑÑÐ¾Ð±Ñ Ð¿Ð¾Ð»ÑÑиÑÑ Ð¿Ñава
админиÑÑÑаÑоÑа."
#. type: Content of: <ul><li><p>
-# || No change detected. The change might only be in amounts of spaces.
-#| msgid ""
-#| "An app to prevent “identity theft” (access to personal data) "
-#| "by storing users' data on a special server <a href=\"http://arstechnica."
-#| "com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-"
-#| "over-concerns-that-app-isnt-safe/\">was deactivated by its developer</a> "
-#| "which had discovered a security flaw."
msgid ""
"An app to prevent “identity theft” (access to personal data) by "
"storing users' data on a special server <a href=\"http://arstechnica.com/"
@@ -966,18 +944,6 @@
"ÑадиоаппаÑаÑÑÑÑ ÑелеÑонов еÑÑÑ Ð¼Ð½Ð¾Ð¶ÐµÑÑво
оÑибок</a>."
#. type: Content of: <ul><li><p>
-# | <a
-# |
href=\"http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security\">The
-# | NSA has put back doors into nonfree encryption [-software.</a>-]
-# | {+software</a>.+} We don't know which ones they are, but we can be sure
-# | they include some widely used systems. This reinforces the point that you
-# | can never trust the security of nonfree software.
-#| msgid ""
-#| "<a href=\"http://www.theguardian.com/world/2013/sep/05/nsa-gchq-"
-#| "encryption-codes-security\">The NSA has put back doors into nonfree "
-#| "encryption software.</a> We don't know which ones they are, but we can be "
-#| "sure they include some widely used systems. This reinforces the point "
-#| "that you can never trust the security of nonfree software."
msgid ""
"<a href=\"http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-"
"codes-security\">The NSA has put back doors into nonfree encryption "
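Review bot: the removed wdiff comment records that the only source change in this entry is the period moving outside the link (`software.</a>` became `software</a>.`), but the msgstr for this msgid lies outside the visible context. Please confirm the Russian string was updated the same way, with `</a>` closed before the period, since the previous-msgid record that documented the difference is dropped here.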