[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-insecurity.de.html ...
|
From: |
GNUN |
|
Subject: |
www/proprietary proprietary-insecurity.de.html ... |
|
Date: |
Sat, 17 Nov 2018 12:27:57 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 18/11/17 12:27:57
Modified files:
proprietary : proprietary-insecurity.de.html
proprietary/po : proprietary-insecurity.de-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.de.html?cvsroot=www&r1=1.26&r2=1.27
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-insecurity.de-diff.html?cvsroot=www&r1=1.6&r2=1.7
Patches:
Index: proprietary-insecurity.de.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-insecurity.de.html,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -b -r1.26 -r1.27
--- proprietary-insecurity.de.html 30 Aug 2018 15:58:16 -0000 1.26
+++ proprietary-insecurity.de.html 17 Nov 2018 17:27:57 -0000 1.27
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE"
value="/proprietary/proprietary-insecurity.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/proprietary-insecurity.de.po">
+ https://www.gnu.org/proprietary/po/proprietary-insecurity.de.po</a>'
+ --><!--#set var="ORIGINAL_FILE"
value="/proprietary/proprietary-insecurity.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/proprietary-insecurity.de-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2018-09-18" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/proprietary-insecurity.en.html" -->
<!--#include virtual="/server/header.de.html" -->
<!-- Parent-Version: 1.84 -->
@@ -8,6 +13,7 @@
<!--#include virtual="/proprietary/po/proprietary-insecurity.translist" -->
<!--#include virtual="/server/banner.de.html" -->
+<!--#include virtual="/server/outdated.de.html" -->
<h2>Proprietäre Unsicherheit</h2>
<a href="/proprietary/">Weitere Beispiele proprietärer Schadsoftware</a>
@@ -767,7 +773,7 @@
<p class="unprintable"><!-- timestamp start -->
Letzte Ãnderung:
-$Date: 2018/08/30 15:58:16 $
+$Date: 2018/11/17 17:27:57 $
<!-- timestamp end -->
</p>
Index: po/proprietary-insecurity.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-insecurity.de-diff.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- po/proprietary-insecurity.de-diff.html 4 Aug 2018 15:59:31 -0000
1.6
+++ po/proprietary-insecurity.de-diff.html 17 Nov 2018 17:27:57 -0000
1.7
@@ -12,6 +12,11 @@
<body><pre>
<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.84 -->
+<span class="inserted"><ins><em><!--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Please do not edit lists with items such as <li id="Mnnnnnnnn">!
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+--></em></ins></span>
<title>Proprietary Insecurity
- GNU Project - Free Software Foundation</title>
<!--#include virtual="/proprietary/po/proprietary-insecurity.translist"
-->
@@ -20,6 +25,7 @@
<a href="/proprietary/proprietary.html">Other examples of proprietary
malware</a>
+<span class="inserted"><ins><em><div class="comment"></em></ins></span>
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
@@ -27,9 +33,9 @@
basic injustice</a>. The developers often exercise that power to the
detriment of the users they ought to serve.</p>
-<p>This page lists clearly established cases of insecurity in
+<span class="removed"><del><strong><p>This page lists clearly
established cases of insecurity in
proprietary software that has grave consequences or is otherwise
-noteworthy.</p>
+noteworthy.</p></strong></del></span>
<p>It is incorrect to compare free software with a fictitious idea of
proprietary software as perfect, but the press often implicitly does
@@ -40,64 +46,124 @@
<p>It would be equally incorrect to compare proprietary software with
a fictitious idea of free software as perfect. Every nontrivial
program has bugs, and any system, free or proprietary, may have
-security errors. To err is human, and not culpable. But proprietary
+security <span class="removed"><del><strong>errors.</strong></del></span>
<span class="inserted"><ins><em>flaws.</em></ins></span> To err is human, and
not culpable. But proprietary
software developers frequently disregard gaping holes, or even
introduce them deliberately. In any case, they keep users
<em>helpless to fix any security problems that arise</em>.
Keeping the
users helpless is what's culpable about proprietary software.</p>
-<span class="inserted"><ins><em><p>If you know of an example that ought
to be in this page but isn't
+<span class="inserted"><ins><em><p>This page lists clearly established
cases of insecurity in
+proprietary software that has grave consequences or is otherwise
+noteworthy.</p>
+
+<div class="important"></em></ins></span>
+<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:address@hidden"><address@hidden></a>
to inform us. Please include the URL of a trustworthy reference or two
-to present the specifics.</p></em></ins></span>
+to <span class="removed"><del><strong>present</strong></del></span> <span
class="inserted"><ins><em>serve as specific substantiation.</p>
+</div>
+</div>
+<div class="column-limit" id="proprietary-insecurity"></div>
+
+<ul class="blurbs">
+ <li id="M201809240">
+ <p>Researchers have discovered how to <a
+
href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co">
+ hide voice commands in other audio</a>, so that people cannot hear
+ them, but Alexa and Siri can.</p>
+ </li>
+
+ <li id="M201808120">
+ <p>Crackers found a way to break the security of an Amazon device,
+ and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
+ turn it into a listening device</a> for them.</p>
+
+ <p>It was very difficult for them to do this. The job would be much
+ easier for Amazon. And if some government such as China or the US
+ told Amazon to do this, or cease to sell the product in that country,
+ do you think Amazon would have the moral fiber to say no?</p>
+
+ <p>These crackers are probably hackers too, but please <a
+ href="https://stallman.org/articles/on-hacking.html"> don't use
+ “hacking” to mean “breaking
security”</a>.</p>
+ </li>
+
+ <li id="M201807100">
+ <p>Siri, Alexa, and all</em></ins></span> the <span
class="removed"><del><strong>specifics.</p>
<ul>
-<li>
- <span class="inserted"><ins><em><p>Some Samsung phones
- randomly <a
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">send
+<li></strong></del></span> <span class="inserted"><ins><em>other
voice-control systems can be <a
+
href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">
+ hijacked by programs that play commands in ultrasound that humans
+ can't hear</a>.</p>
+ </li>
+
+ <li id="M201807020"></em></ins></span>
+ <p>Some Samsung phones randomly <a
+
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">send
photos to people in the owner's contact list</a>.</p>
-</li>
-<li></em></ins></span>
- <p>One of the dangers of the “internet of stings” is that,
if
- you lose your internet service, you also <a
-href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/">
+ </li>
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201712240"></em></ins></span>
+ <p>One of the dangers of the “internet of stings”
+ is that, if you lose your internet service, you also <a
+
href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/">
lose control of your house and appliances</a>.</p>
- <p>For your safety, don't use any appliance with a connection to the
real
- internet.</p>
-</li>
-<li>
+
+ <p>For your safety, don't use any appliance with a connection to the
+ real internet.</p>
+ </li>
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201711204">
+ <p>Intel's intentional “management engine” back door has
<a
+
href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/">
+ unintended back doors</a> too.</p>
+ </li>
+
+ <li id="M201711200"></em></ins></span>
<p>Amazon recently invited consumers to be suckers and <a
-href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
- allow delivery staff to open their front doors</a>. Wouldn't you
know it,
- the system has a grave security flaw.</p>
-</li>
-<li>
+
href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
+ allow delivery staff to open their front doors</a>. Wouldn't you know
+ it, the system has a grave security flaw.</p>
+ </li>
+<span class="removed"><del><strong><li>
<p>Intel's intentional “management engine” back door has
<a
href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/">
unintended back doors</a> too.</p>
</li>
-<li>
- <p>Bad security in some cars makes it possible
- to <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937">
+<li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201709290"></em></ins></span>
+ <p>Bad security in some cars makes it possible to <a
+ href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937">
remotely activate the airbags</a>.</p>
-</li>
-<li>
- <p>A “smart” intravenous pump designed for
- hospitals is connected to the internet. Naturally <a
-href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
+ </li>
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201709200"></em></ins></span>
+ <p>A “smart” intravenous pump
+ designed for hospitals is connected to the internet. Naturally <a
+
href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
its security has been cracked</a>.</p>
+
<p>Note that this article misuses the term <a
-href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>
+
href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>
referring to crackers.</p>
-</li>
-<li>
- <p>The bad security in many Internet of Stings devices
- allows <a
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ </li>
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201708280"></em></ins></span>
+ <p>The bad security in many Internet of Stings devices allows <a
+
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
to snoop on the people that use them</a>.</p>
+
<p>Don't be a sucker—reject all the stings.</p>
+
<p>It is unfortunate that the article uses the term <a
- href="/philosophy/words-to-avoid.html#Monetize">
+ <span
class="removed"><del><strong>href="/philosophy/words-to-avoid.html#Monetize">
“monetize”</a>.</p>
</li>
<li>
@@ -105,27 +171,28 @@
<a
href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">
hijacked by programs that play commands in ultrasound that humans can't
- hear</a>.</p>
-</li>
+ hear</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p></em></ins></span>
+ </li>
-<li id="break-security-smarttv">
+ <li <span class="removed"><del><strong>id="break-security-smarttv">
<p><a
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
Crackers found a way to break security on a “smart”
TV</a> and use its camera
to watch the people who are watching TV.</p>
</li>
-<li>
+<li></strong></del></span> <span
class="inserted"><ins><em>id="M201706201"></em></ins></span>
<p>Many models of Internet-connected cameras <a
href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor">
have backdoors</a>.</p>
- <p>That is a malicious functionality, but in addition it is a gross
- insecurity since anyone, including malicious crackers, <a
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can
find those accounts and use them to get into
- users' cameras</a>.</p>
+ <p>That is a malicious functionality, but in addition it
+ is a gross insecurity since anyone, including malicious crackers, <a
+
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can
+ find those accounts and use them to get into users'
cameras</a>.</p>
+ </li>
-</li>
-
-<li>
+<span class="removed"><del><strong><li>
<p>
Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
pre-installed on 28 models of HP laptops logged the user's
@@ -151,64 +218,131 @@
<a
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
a great number
of Windows computers with ransomware</a>.
</p>
-</li>
+</li></strong></del></span>
-<li id="intel-me-10-year-vulnerability">
- <p>Intel's CPU backdoor—the Intel Management Engine—had a
- <a
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major
security
- vulnerability for 10 years</a>.</p>
-
- <p>The vulnerability allowed a cracker to access the computer's Intel
Active
- Management Technology
- (AMT) <a
href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">
+ <li <span
class="removed"><del><strong>id="intel-me-10-year-vulnerability">
+ <p>Intel's</strong></del></span> <span
class="inserted"><ins><em>id="M201706050">
+ <p id="intel-me-10-year-vulnerability">Intel's</em></ins></span>
+ CPU backdoor—the Intel Management Engine—had a <a
+
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major
+ security vulnerability for 10 years</a>.</p>
+
+ <p>The vulnerability allowed a cracker to access
+ the computer's Intel Active Management Technology (AMT) <a
+
href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">
web interface with an empty password and gave administrative
- access</a> to access the computer's keyboard, mouse, monitor
- among other privileges.</p>
+ access</a> to access the computer's keyboard, mouse, monitor among
+ other privileges.</p>
<p>It does not help that in newer Intel processors, it is
impossible
to turn off the Intel Management Engine. Thus, even users who are
proactive about their security can do nothing to protect themselves
besides using machines that don't come with the backdoor.</p>
+ </li>
-</li>
+<span class="removed"><del><strong><li></strong></del></span>
-<li>
- <p>Many Android devices <a
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
+ <span class="inserted"><ins><em><li id="M201705250">
+ <p>The proprietary code that runs pacemakers,
+ insulin pumps, and other medical devices is <a
+ href="http://www.bbc.co.uk/news/technology-40042584"> full of gross
+ security faults</a>.</p>
+ </li>
+
+ <li id="M201705160">
+ <p>Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
+ pre-installed on 28 models of HP laptops logged the user's keystroke
+ to a file in the filesystem. Any process with access to the filesystem
+ or the MapViewOfFile API could gain access to the log. Furthermore, <a
+
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according
+ to modzero</a> the “information-leak via Covert Storage Channel
+ enables malware authors to capture keystrokes without taking the risk
+ of being classified as malicious task by AV heuristics”.</p>
+ </li>
+
+ <li id="M201705120">
+ <p>Exploits of bugs in Windows, which were developed by the NSA
+ and then leaked by the Shadowbrokers group, are now being used to <a
+
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
+ a great number of Windows computers with ransomware</a>.</p>
+ </li>
+
+ <li id="M201704050"></em></ins></span>
+ <p>Many Android devices <a
+
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
can be hijacked through their Wi-Fi chips</a> because of a bug in
Broadcom's non-free firmware.</p>
-</li>
+ </li>
-<li>
-<p>When Miele's Internet of Stings hospital disinfectant dishwasher is
<a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">connected</strong></del></span>
-<span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">
-connected</em></ins></span> to the Internet, its security is
crap</a>.</p>
+<span class="removed"><del><strong><li></strong></del></span>
-<p>For example, a cracker can gain access to the dishwasher's
filesystem,
-infect it with malware, and force the dishwasher to launch attacks on other
-devices in the network. Since these dishwashers are used in hospitals, such
-attacks could potentially put hundreds of lives at risk.</p>
+ <span class="inserted"><ins><em><li id="M201703270"></em></ins></span>
+ <p>When Miele's Internet of
+ Stings hospital disinfectant dishwasher is <a
+
href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">
+ connected to the Internet, its security is crap</a>.</p>
+
+ <p>For example, a cracker can gain access to the dishwasher's
+ filesystem, infect it with malware, and force the dishwasher to launch
+ attacks on other devices in the network. Since these dishwashers are
+ used in hospitals, such attacks could potentially put hundreds of
+ lives at risk.</p>
+ </li>
+<span class="removed"><del><strong><li><p>WhatsApp
has</strong></del></span>
-</li>
-<li><p>WhatsApp has a feature that
+ <span class="inserted"><ins><em><li id="M201702200">
+ <p>If you buy</em></ins></span> a <span
class="removed"><del><strong>feature that
<a
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
- has been described as a “back door”</a>
- because it would enable governments to nullify its encryption.</p>
+ has been described</strong></del></span> <span
class="inserted"><ins><em>used “smart”
+ car, house, TV, refrigerator, etc., usually <a
+
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
+ previous owners can still remotely control it</a>.</p>
+ </li>
+
+ <li id="M201702170">
+ <p>The mobile apps for communicating <a
+
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with
+ a smart but foolish car have very bad security</a>.</p>
+
+ <p>This is in addition to the fact that the car contains a cellular
+ modem that tells big brother all the time where it is. If you own
+ such a car, it would be wise to disconnect the modem so as to turn
+ off the tracking.</p>
+ </li>
+
+ <li id="M201701270">
+ <p>Samsung phones <a
+
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have
+ a security hole that allows an SMS message to install
+ ransomware</a>.</p>
+ </li>
+
+ <li id="M201701130">
+ <p>WhatsApp has a feature that <a
+
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
+ has been described</em></ins></span> as a “back
door”</a> because it would
+ enable governments to nullify its encryption.</p>
+
<p>The developers say that it wasn't intended as a back door, and that
may well be true. But that leaves the crucial question of whether it
functions as one. Because the program is nonfree, we cannot check by
- studying it.</p></li>
+ studying <span class="removed"><del><strong>it.</p></li>
-<li>
-<p>The “smart” toys My Friend Cayla and i-Que can be
-<a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely
controlled with a mobile phone</a>; physical access
-is not necessary. This would enable crackers to listen in on a child's
-conversations, and even speak into the toys themselves.</p>
+<li></strong></del></span> <span class="inserted"><ins><em>it.</p>
+ </li>
-<p>This means a burglar could speak into the toys and ask the child to
-unlock the front door while Mommy's not looking.</p>
-</li>
+ <li id="M201612061"></em></ins></span>
+ <p>The “smart” toys My Friend Cayla and i-Que can be
<a
+
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely
+ controlled with a mobile phone</a>; physical access is not
+ necessary. This would enable crackers to listen in on a child's
+ conversations, and even speak into the toys themselves.</p>
+
+ <p>This means a burglar could speak into the toys and ask the child
+ to unlock the front door while Mommy's not looking.</p>
+ </li>
-<li>
+<span class="removed"><del><strong><li>
<p>The mobile apps for
communicating <a
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with
a smart but foolish car have very bad security</a>.</p>
@@ -233,59 +367,81 @@
ransomware</a>.</p>
</li>
-<li>
-<p>4G LTE phone networks are drastically insecure. They can be
-<a
href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">
-taken
-over by third parties and used for man-in-the-middle
attacks</a>.</p>
-</li>
-
-<li>
-<p>Due to weak security, <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
-is easy to open the doors of 100 million cars built by
Volkswagen</a>.</p>
-</li>
-
-<li>
-<p>Ransomware <a <span
class="removed"><del><strong>href="https://www.pentestpartners.com/blog/thermostat-ransomware-a-lesson-in-iot-security/">has</strong></del></span>
-<span
class="inserted"><ins><em>href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/">
-has</em></ins></span> been developed for a thermostat that uses proprietary
software</a>.</p>
-</li>
+<li></strong></del></span>
-<li>
-<p>A <a
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
in
-Internet Explorer and Edge</a> allows an attacker to retrieve
-Microsoft account credentials, if the user is tricked into visiting a
-malicious link.</p>
-</li>
+ <span class="inserted"><ins><em><li id="M201610230"></em></ins></span>
+ <p>4G LTE phone networks are drastically insecure. They can be <a
<span
class="removed"><del><strong>href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/"></em></ins></span>
+ taken over by third parties and used for man-in-the-middle
+ attacks</a>.</p>
+ </li>
+
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201608110"></em></ins></span>
+ <p>Due to weak security, <a
+
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
+ is easy to open the doors of 100 million cars built by
+ Volkswagen</a>.</p>
+ </li>
+
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201608080"></em></ins></span>
+ <p>Ransomware <a
+
href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/">
+ has been developed for a thermostat that uses proprietary
+ software</a>.</p>
+ </li>
+
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201608020"></em></ins></span>
+ <p>A <a
+
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
+ in Internet Explorer and Edge</a> allows an attacker to retrieve
+ Microsoft account credentials, if the user is tricked into visiting
+ a malicious link.</p>
+ </li>
-<li>
-<p><a
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted”
-WhatsApp messages are not entirely deleted</a>. They can be recovered
-in various ways.
-</p>
-</li>
+<span class="removed"><del><strong><li></strong></del></span>
-<li>
-<p>A vulnerability in Apple's Image I/O API allowed an attacker to
-<a
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute
+ <span class="inserted"><ins><em><li id="M201607290"></em></ins></span>
+ <p><a
+
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted”
+ WhatsApp messages are not entirely deleted</a>. They can be recovered
+ in various <span class="removed"><del><strong>ways.
+</p></strong></del></span> <span
class="inserted"><ins><em>ways.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201607220"></em></ins></span>
+ <p>A vulnerability in Apple's Image I/O API allowed an attacker to
<a
+
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute
malicious code from any application which uses this API to render a
certain kind of image file</a>.</p>
-</li>
-<li>
-<p>A bug in a proprietary ASN.1 library, used in cell phone towers as
-well as cell phones and
-routers, <a
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows
-taking control of those systems</a>.</p>
-</li>
+ </li>
+<span class="removed"><del><strong><li></strong></del></span>
-<li>
-<p>Antivirus programs have so many errors
- that <a
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">they
+ <span class="inserted"><ins><em><li id="M201607190"></em></ins></span>
+ <p>A bug in a proprietary ASN.1 library, used
+ in cell phone towers as well as cell phones and routers, <a
+
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows
+ taking control of those systems</a>.</p>
+ </li>
+
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201606290"></em></ins></span>
+ <p>Antivirus programs have so many errors that <a
+
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">they
may make security worse</a>.</p>
-<p>GNU/Linux does not need antivirus software.</p>
-</li>
-<li>
+ <p>GNU/Linux does not need antivirus software.</p>
+ </li>
+
+<span class="removed"><del><strong><li>
<p>Over 70 brands of network-connected surveillance
cameras <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">have
security bugs that allow anyone to watch through them</a>.</p>
@@ -293,39 +449,78 @@
<li>
<p>
-Samsung's “Smart Home” has a big security
-hole; <a
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">unauthorized
-people can remotely control it</a>.</p>
+Samsung's</strong></del></span>
-<p>Samsung claims that this is an “open” platform so the
-problem is partly the fault of app developers. That is clearly true if
-the apps are proprietary software.</p>
+ <span class="inserted"><ins><em><li id="M201605020">
+ <p>Samsung's</em></ins></span> “Smart Home” has a big
security hole; <a <span
class="removed"><del><strong>href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">unauthorized</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">
+ unauthorized</em></ins></span> people can remotely control
it</a>.</p>
+
+ <p>Samsung claims that this is an “open” platform so the
+ problem is partly the fault of app developers. That is clearly true
+ if the apps are proprietary software.</p>
+
+ <p>Anything whose name is “Smart” is most likely going
+ to screw you.</p>
+ </li>
+
+<span class="removed"><del><strong><li>
+<p>
+The Nissan Leaf has</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201604120">
+ <p>A bug in the iThings Messages app <a
+
href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed</em></ins></span>
+ a <span class="removed"><del><strong>built-in cell
phone</strong></del></span> <span class="inserted"><ins><em>malicious web site
to extract all the user's messaging
+ history</a>.</p>
+ </li>
+
+ <li id="M201604110">
+ <p>Malware was found on <a
+
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">
+ security cameras available through Amazon</a>.</p>
+
+ <p>A camera that records locally on physical media, and has no
network
+ connection, does not threaten people with surveillance—neither
+ by watching people through the camera, nor through malware in the
+ camera.</p>
+ </li>
+
+ <li id="M201603220">
+ <p>Over 70 brands of network-connected surveillance cameras have
<a
+
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
+ security bugs that allow anyone to watch through them</a>.</p>
+ </li>
+
+ <li id="M201603100">
+ <p>Many proprietary payment apps <a
+
href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">transmit
+ personal data in an insecure way</a>. However,
+ the worse aspect of these apps is that <a
+ href="/philosophy/surveillance-vs-democracy.html">payment is not
+ anonymous</a>.</p>
+ </li>
+
+ <li id="M201602240">
+ <p id="nissan-modem">The Nissan Leaf has a built-in
+ cell phone</em></ins></span> modem which allows effectively anyone <span
class="inserted"><ins><em>to</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/"></em></ins></span>
+ access its computers remotely and make changes in various
+ settings</a>.</p>
+
+ <p>That's easy to do because the system has no authentication
+ when accessed through the modem. However, even if it asked
+ for authentication, you couldn't be confident that Nissan
+ has no access. The software in the car is proprietary, <a
+ href="/philosophy/free-software-even-more-important.html">which means
+ it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects to the car remotely, the cell phone modem
+ enables the phone company to track the car's movements all the time;
+ it is possible to physically remove the cell phone <span
class="removed"><del><strong>modem</strong></del></span> <span
class="inserted"><ins><em>modem,</em></ins></span> though.</p>
+ </li>
-<p>Anything whose name is “Smart” is most likely going to
-screw you.</p>
-</li>
-
-<li>
-<p>
-The Nissan Leaf has a built-in cell phone modem which allows
-effectively
-anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
-access its computers remotely and make changes in various
-settings</a>.</p>
-
-<p>That's easy to do because the system has no authentication when
-accessed through the modem. However, even if it asked for
-authentication, you couldn't be confident that Nissan has no
-access. The software in the car is
-proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
-means it demands blind faith from its users</a>.</p>
-
-<p>Even if no one connects to the car remotely, the cell phone modem
-enables the phone company to track the car's movements all the time;
-it is possible to physically remove the cell phone modem though.</p>
-</li>
-
-<li>
+<span class="removed"><del><strong><li>
<p>
Malware found
on <a
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">security
@@ -356,19 +551,27 @@
<li>
<p>
-FitBit fitness trackers <a
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
-have a Bluetooth vulnerability</a> that allows
-attackers to send malware to the devices, which can subsequently spread
-to computers and other FitBit trackers that interact with them.
-</p>
-</li>
+FitBit</strong></del></span>
-<li>
-<p>
-“Self-encrypting” disk drives do the encryption with proprietary
-firmware so you can't trust it. Western Digital's “My Passport”
-drives
-<a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have</strong></del></span>
<span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have</em></ins></span>
a back door</a>.
+ <span class="inserted"><ins><em><li id="M201510210">
+ <p>FitBit</em></ins></span> fitness trackers <span
class="removed"><del><strong><a
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/"></strong></del></span>
have a <span class="inserted"><ins><em><a
+
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/"></em></ins></span>
+ Bluetooth vulnerability</a> that allows attackers to send malware
+ to the devices, which can subsequently spread to computers and other
+ FitBit trackers that interact with <span class="removed"><del><strong>them.
+</p></strong></del></span> <span
class="inserted"><ins><em>them.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li>
+<p>
+“Self-encrypting”</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201510200">
+ <p>“Self-encrypting”</em></ins></span> disk drives
+ do the encryption with proprietary firmware so you
+ can't trust it. Western Digital's “My Passport” drives <a
<span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">
+ have</em></ins></span> a back <span
class="removed"><del><strong>door</a>.
</p>
</li>
@@ -378,51 +581,83 @@
<a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
intentional local back door for 4 years</a>, which could be
exploited by attackers to gain root privileges.
-</p>
-</li>
+</p></strong></del></span> <span
class="inserted"><ins><em>door</a>.</p></em></ins></span>
+ </li>
-<li>
-<p>Security researchers discovered a
-<a
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
-vulnerability in diagnostic dongles used for vehicle tracking and
-insurance</a> that let them take remote control of a car or
-lorry using an SMS.
-</p>
-</li>
+<span class="removed"><del><strong><li></strong></del></span>
-<li>
+ <span class="inserted"><ins><em><li id="M201508120"></em></ins></span>
+ <p>Security researchers discovered a <a
+
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
+ vulnerability in diagnostic dongles used for vehicle tracking and
+ insurance</a> that let them take remote control of a car or lorry
+ using an <span class="removed"><del><strong>SMS.
+</p></strong></del></span> <span
class="inserted"><ins><em>SMS.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li>
<p>
-Crackers were able to
-<a
href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">take
remote control of the Jeep</a>
-“connected car”.
-<br/>They could track the car, start or stop the engine, and
-activate or deactivate the brakes, and more.
+Crackers</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201507214">
+ <p>Crackers</em></ins></span> were able to <a <span
class="removed"><del><strong>href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">take</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">
+ take</em></ins></span> remote control of the Jeep</a>
“connected car”.
+<span class="removed"><del><strong><br/>They</strong></del></span> <span
class="inserted"><ins><em>They</em></ins></span>
+ could track the car, start or stop the engine, and activate or
+ deactivate the brakes, and <span class="removed"><del><strong>more.
</p>
<p>
-I expect that Chrysler and the NSA can do this too.
+I</strong></del></span> <span class="inserted"><ins><em>more.</p>
+
+ <p>I</em></ins></span> expect that Chrysler and the NSA can do this
<span class="removed"><del><strong>too.
</p>
<p>
-If I ever own a car, and it contains a portable phone, I will
-deactivate that.
-</p>
-</li>
+If</strong></del></span> <span class="inserted"><ins><em>too.</p>
-<li>
+ <p>If</em></ins></span> I ever own a car, and it contains a portable
phone, I will
+ deactivate <span class="removed"><del><strong>that.
+</p></strong></del></span> <span
class="inserted"><ins><em>that.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li>
<p>
-Hospira infusion pumps, which are used to administer drugs to
-a patient, were rated
+Hospira infusion pumps, which are used to administer
drugs</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201506080">
+ <p>Due</em></ins></span> to <span class="inserted"><ins><em>bad
security in</em></ins></span> a <span class="removed"><del><strong>patient,
were rated
“<a
-href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least
-secure IP device I've ever seen</a>”
-by a security researcher.
-</p>
-<p>
-Depending on what drug is being infused, the insecurity could
-open the door to murder.
-</p>
-</li>
+href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least</strong></del></span>
<span class="inserted"><ins><em>drug pump, crackers could use it to <a
+
href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">
+ kill patients</a>.</p>
+ </li>
-<li>
+ <li id="M201505294">
+ <p><a
+
href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
+ Many smartphone apps use insecure authentication methods when storing
+ your personal data on remote servers</a>. This leaves personal
+ information like email addresses, passwords, and health information
+ vulnerable. Because many of these apps are proprietary it makes it
+ hard to impossible to know which apps are at risk.</p>
+ </li>
+
+ <li id="M201505050">
+ <p>Hospira infusion pumps, which are used
+ to administer drugs to a patient, were rated “<a
+
href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least</em></ins></span>
+ secure IP device I've ever seen</a>” by a security <span
class="removed"><del><strong>researcher.
+</p>
+<p>
+Depending</strong></del></span>
+ <span class="inserted"><ins><em>researcher.</p>
+
+ <p>Depending</em></ins></span> on what drug is being infused, the
insecurity could open
+ the door to <span class="removed"><del><strong>murder.
+</p></strong></del></span> <span
class="inserted"><ins><em>murder.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li>
<p>
Due to bad security in a drug pump, crackers could use it to
<a
href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">kill
patients</a>.
@@ -430,11 +665,15 @@
</li>
<li>
-<p>
-<a
href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+<p></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201504090">
+ <p>Mac OS X had an</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
The NSA can tap data in smart phones, including iPhones, Android, and
BlackBerry</a>. While there is not much detail here, it seems that
-this does not operate via the universal back door that we know nearly
+this does not operate via the universal</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
+ intentional local</em></ins></span> back door <span
class="removed"><del><strong>that we know nearly
all portable phones have. It may involve exploiting various bugs.
There
are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
@@ -456,7 +695,7 @@
<li>
<p><a
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
-The FTC punished a company for making webcams with bad security so
+The FTC punished a company</strong></del></span> for <span
class="removed"><del><strong>making webcams with bad security so
that it was easy for anyone to watch them</a>.
</p>
</li>
@@ -476,13 +715,13 @@
It is possible to kill people by taking control of medical implants by
radio</a>. Here
is <a href="http://www.bbc.co.uk/news/technology-17631838">more
-information</a>. And <a <span
class="removed"><del><strong>href="http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">here</a>.</strong></del></span>
-<span
class="inserted"><ins><em>href="https://web.archive.org/web/20180203130244/http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">here</a>.</em></ins></span>
+information</a>. And <a
+href="https://web.archive.org/web/20180203130244/http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">here</a>.
</p>
</li>
<li>
-<p>Lots of <a
href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">hospital
equipment has lousy security</a>, and it can be fatal.
+<p>Lots of <a
href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">hospital
equipment has lousy security</a>, and it can</strong></del></span> <span
class="inserted"><ins><em>4 years</a>, which could</em></ins></span> be
<span class="removed"><del><strong>fatal.
</p>
</li>
@@ -491,53 +730,154 @@
Point-of-sale terminals running Windows were taken over and turned
into a botnet for the purpose of collecting customers' credit card
numbers</a>.
-</p>
-</li>
+</p></strong></del></span> <span class="inserted"><ins><em>exploited
+ by attackers to gain root privileges.</p></em></ins></span>
+ </li>
-<li>
-<p>An app to prevent “identity theft” (access to personal
data)
-by storing users' data on a special server
-<a
href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was
-deactivated by its developer</a> which had discovered a security flaw.
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201405190"></em></ins></span>
+ <p>An app to prevent “identity theft”
+ (access to personal data) by storing users' data on a special server <a
+
href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was
+ deactivated by its developer</a> which had discovered a security
<span class="removed"><del><strong>flaw.
</p>
<p>
-That developer seems to be conscientious about protecting personal
-data from third parties in general, but it can't protect that data
-from the state. Quite the contrary: confiding your data to someone
+That</strong></del></span>
+ <span class="inserted"><ins><em>flaw.</p>
+
+ <p>That</em></ins></span> developer seems to be conscientious about
protecting personal
+ data from third parties in general, but it can't protect that data
+ from the state. Quite the <span class="removed"><del><strong>contrary:
confiding your data to someone
else's server, if not first encrypted by you with free software,
undermines your rights.
-</p>
-</li>
+</p></strong></del></span> <span class="inserted"><ins><em>contrary:
confiding your data to someone
+ else's server, if not first encrypted by you with free software,
+ undermines your rights.</p>
+ </li>
+
+ <li id="M201404250">
+ <p>Lots of <a
+ href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">
+ hospital equipment has lousy security</a>, and it can be
fatal.</p>
+ </li>
+
+ <li id="M201402210">
+ <p>The <a
+
href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity
+ of WhatsApp</a> makes eavesdropping a snap.</p>
+ </li>
+
+ <li id="M201312290">
+ <p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some
flash
+ memories have modifiable software</a>, which makes them vulnerable
+ to viruses.</p>
+
+ <p>We don't call this a “back door” because it is normal
+ that you can install a new system in a computer, given physical access
+ to it. However, memory sticks and cards should not be modifiable in
+ this way.</p>
+ </li>
-<li>
-<p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some flash
+ <li id="M201312040">
+ <p><a
+
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
+ Point-of-sale terminals running Windows were taken over</a> and
+ turned into a botnet for the purpose of collecting customers' credit
+ card numbers.</p>
+ </li>
+
+ <li id="M201311120">
+ <p><a
+
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones,
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
+ phones have. It may involve exploiting various bugs. There are <a
+
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in the phones' radio
software</a>.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201309054"></em></ins></span>
+ <p><a <span
class="removed"><del><strong>href="http://www.bunniestudios.com/blog/?p=3554">
Some flash
memories have modifiable software</a>, which makes them vulnerable to
viruses.</p>
-<p>We don't call this a “back door” because it is normal
-that you can install a new system in a computer given physical access
-to it. However, memory sticks and cards should not be modifiable in
-this way.</p>
-</li>
-
-<li>
-<p><a href="http://spritesmods.com/?art=hddhack&page=6">
Replaceable
-nonfree software in disk drives can be written by a nonfree
-program.</a> This makes any system vulnerable to persistent attacks
-that normal forensics won't detect.</p>
-</li>
+<p>We</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security">The
+ NSA has put back doors into nonfree encryption software</a>.
We</em></ins></span> don't <span class="removed"><del><strong>call this a
“back door” because it is normal</strong></del></span>
+ <span class="inserted"><ins><em>know which ones they are, but we can be
sure they include some widely
+ used systems. This reinforces the point</em></ins></span> that you can
<span class="removed"><del><strong>install a new system
in</strong></del></span> <span class="inserted"><ins><em>never trust
+ the security of nonfree software.</p>
+ </li>
+
+ <li id="M201309050">
+ <p>The FTC punished</em></ins></span> a <span
class="removed"><del><strong>computer given physical
access</strong></del></span> <span class="inserted"><ins><em>company for making
webcams with <a
+
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
+ bad security so that it was easy for anyone</em></ins></span> to <span
class="removed"><del><strong>it. However, memory sticks and cards should not
be modifiable in
+this way.</p></strong></del></span> <span
class="inserted"><ins><em>watch through
+ them</a>.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201308060"></em></ins></span>
+ <p><a href="http://spritesmods.com/?art=hddhack&page=6">
+ Replaceable nonfree software in disk drives can be written by a
+ nonfree
+<span class="removed"><del><strong>program.</a></strong></del></span>
<span class="inserted"><ins><em>program</a>.</em></ins></span> This makes
any system vulnerable to persistent
+ attacks that normal forensics won't detect.</p>
+ </li>
-<li>
+<span class="removed"><del><strong><li>
<p><a
href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
Many smartphone apps use insecure authentication methods when storing
your personal data on remote servers.</a>
-This leaves personal information like email addresses, passwords, and health
information vulnerable. Because many
-of these apps are proprietary it makes it hard to impossible to know which
apps are at risk.</p>
-</li>
+This leaves personal</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201307270">
+ <p> It is possible to <a
+
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
+ kill people by taking control of medical
+ implants by radio</a>. More</em></ins></span> information <span
class="removed"><del><strong>like email addresses,
passwords,</strong></del></span> <span class="inserted"><ins><em>in <a
+ href="http://www.bbc.co.uk/news/technology-17631838">BBC
+ News</a></em></ins></span> and <span
class="removed"><del><strong>health information vulnerable. Because many
+of these apps are proprietary it makes it hard</strong></del></span> <span
class="inserted"><ins><em><a
+
href="https://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">
+ IOActive Labs Research blog</a>.</p>
+ </li>
+ <li id="M201307260">
+ <p><a
+
href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
+ “Smart homes”</a> turn out</em></ins></span> to <span
class="removed"><del><strong>impossible</strong></del></span> <span
class="inserted"><ins><em>be stupidly vulnerable</em></ins></span> to <span
class="removed"><del><strong>know which apps</strong></del></span>
+ <span class="inserted"><ins><em>intrusion.</p>
+ </li>
+
+ <li id="M201212170">
+ <p id="break-security-smarttv"><a
+
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
+ Crackers found a way to break security on a “smart”
TV</a>
+ and use its camera to watch the people who</em></ins></span> are <span
class="removed"><del><strong>at risk.</p></strong></del></span> <span
class="inserted"><ins><em>watching TV.</p>
+ </li>
+
+ <li id="M201103110">
+ <p>It is possible to <a
+
href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
+ take control of some car computers through malware in music
files</a>.
+ Also <a
+ href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">
+ by radio</a>. More information in <a
+ href="http://www.autosec.org/faq.html"> Automotive Security And
+ Privacy Center</a>.</p></em></ins></span>
+ </li>
</ul>
+
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
@@ -588,15 +928,14 @@
<p>Copyright © 2013, 2015, 2016, 2017, 2018 Free Software
Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
-<span
class="removed"><del><strong>href="http://creativecommons.org/licenses/by-nd/4.0/">Creative</strong></del></span>
-<span
class="inserted"><ins><em>href="http://creativecommons.org/licenses/by/4.0/">Creative</em></ins></span>
-Commons <span
class="removed"><del><strong>Attribution-NoDerivatives</strong></del></span>
<span class="inserted"><ins><em>Attribution</em></ins></span> 4.0 International
License</a>.</p>
+href="http://creativecommons.org/licenses/by/4.0/">Creative
+Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/08/04 15:59:31 $
+$Date: 2018/11/17 17:27:57 $
<!-- timestamp end -->
</p>
</div>
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary proprietary-insecurity.de.html ...,
GNUN <=