[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-amazon.html malware-app...
|
From: |
Therese Godefroy |
|
Subject: |
www/proprietary malware-amazon.html malware-app... |
|
Date: |
Mon, 4 Mar 2019 03:28:43 -0500 (EST) |
CVSROOT: /webcvs/www
Module name: www
Changes by: Therese Godefroy <th_g> 19/03/04 03:28:43
Modified files:
proprietary : malware-amazon.html malware-appliances.html
proprietary-insecurity.html proprietary.html
proprietary/workshop: mal.rec
Log message:
Vulnerability in Ring camera (RT #1365737).
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-amazon.html?cvsroot=www&r1=1.24&r2=1.25
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-appliances.html?cvsroot=www&r1=1.72&r2=1.73
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.html?cvsroot=www&r1=1.100&r2=1.101
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary.html?cvsroot=www&r1=1.90&r2=1.91
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/mal.rec?cvsroot=www&r1=1.50&r2=1.51
Patches:
Index: malware-amazon.html
===================================================================
RCS file: /webcvs/www/www/proprietary/malware-amazon.html,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -b -r1.24 -r1.25
--- malware-amazon.html 4 Feb 2019 07:16:06 -0000 1.24
+++ malware-amazon.html 4 Mar 2019 08:28:43 -0000 1.25
@@ -152,6 +152,34 @@
<h3 id="misc"> Malware in other products</h3>
<ul class="blurbs">
+ <li id="M201902270">
+ <p>The Ring (now Amazon) doorbell camera is designed so that the
+ manufacturer (now Amazon) can watch all the time. Now it turns out
+ that <a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/";>
+ anyone else can also watch, and fake videos too</a>.</p>
+
+ <p>The third party vulnerability is presumably
+ unintentional and I suppose Amazon will fix it. I
+ do not expect Amazon to change the design that <a
+ href="/proprietary/proprietary-surveillance.html#M201901100">allows
+ Amazon to watch</a>.</p>
+ </li>
+
+ <li id="M201901100">
+ <p>Amazon Ring “security” devices <a
+
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/";>
+ send the video they capture to Amazon servers</a>, which save it
+ long-term.</p>
+
+ <p>In many cases, the video shows everyone that comes near, or merely
+ passes by, the user's front door.</p>
+
+ <p>The article focuses on how Ring used to let individual employees look
+ at the videos freely. It appears Amazon has tried to prevent that
+ secondary abuse, but the primary abuse—that Amazon gets the
+ video—Amazon expects society to surrender to.</p>
+ </li>
+
<li id="M201711200">
<p>Amazon recently invited consumers to be suckers and <a
href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo";>
@@ -224,7 +252,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2019/02/04 07:16:06 $
+$Date: 2019/03/04 08:28:43 $
<!-- timestamp end -->
</p>
</div>
Index: malware-appliances.html
===================================================================
RCS file: /webcvs/www/www/proprietary/malware-appliances.html,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -b -r1.72 -r1.73
--- malware-appliances.html 28 Feb 2019 21:46:58 -0000 1.72
+++ malware-appliances.html 4 Mar 2019 08:28:43 -0000 1.73
@@ -47,6 +47,19 @@
<div class="column-limit" id="malware-appliances"></div>
<ul class="blurbs">
+ <li id="M201902270">
+ <p>The Ring (now Amazon) doorbell camera is designed so that the
+ manufacturer (now Amazon) can watch all the time. Now it turns out
+ that <a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/";>
+ anyone else can also watch, and fake videos too</a>.</p>
+
+ <p>The third party vulnerability is presumably
+ unintentional and I suppose Amazon will fix it. I
+ do not expect Amazon to change the design that <a
+ href="/proprietary/proprietary-surveillance.html#M201901100">allows
+ Amazon to watch</a>.</p>
+ </li>
+
<li id="M201902080">
<p>The HP <a
href="https://boingboing.net/2019/02/08/inkjet-dystopias.html";>
@@ -872,7 +885,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2019/02/28 21:46:58 $
+$Date: 2019/03/04 08:28:43 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary-insecurity.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary-insecurity.html,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -b -r1.100 -r1.101
--- proprietary-insecurity.html 4 Feb 2019 07:16:06 -0000 1.100
+++ proprietary-insecurity.html 4 Mar 2019 08:28:43 -0000 1.101
@@ -53,6 +53,19 @@
<div class="column-limit" id="proprietary-insecurity"></div>
<ul class="blurbs">
+ <li id="M201902270">
+ <p>The Ring (now Amazon) doorbell camera is designed so that the
+ manufacturer (now Amazon) can watch all the time. Now it turns out
+ that <a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/";>
+ anyone else can also watch, and fake videos too</a>.</p>
+
+ <p>The third party vulnerability is presumably
+ unintentional and I suppose Amazon will fix it. I
+ do not expect Amazon to change the design that <a
+ href="/proprietary/proprietary-surveillance.html#M201901100">allows
+ Amazon to watch</a>.</p>
+ </li>
+
<li id="M201809240">
<p>Researchers have discovered how to <a
href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co";>
@@ -631,7 +644,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2019/02/04 07:16:06 $
+$Date: 2019/03/04 08:28:43 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary.html,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -b -r1.90 -r1.91
--- proprietary.html 4 Mar 2019 07:31:23 -0000 1.90
+++ proprietary.html 4 Mar 2019 08:28:43 -0000 1.91
@@ -146,6 +146,19 @@
<h3 id="latest">Latest additions</h3>
<ul class="blurbs">
+ <li id="M201902270">
+ <p>The Ring (now Amazon) doorbell camera is designed so that the
+ manufacturer (now Amazon) can watch all the time. Now it turns out
+ that <a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/";>
+ anyone else can also watch, and fake videos too</a>.</p>
+
+ <p>The third party vulnerability is presumably
+ unintentional and I suppose Amazon will fix it. I
+ do not expect Amazon to change the design that <a
+ href="/proprietary/proprietary-surveillance.html#M201901100">allows
+ Amazon to watch</a>.</p>
+ </li>
+
<li id="M201902140">
<p>The AppCensus database gives information on <a
href="https://www.appcensus.mobi";> how Android apps use and
@@ -208,30 +221,6 @@
<p>However, modification of the client program could cover up some
addictive behaviors without losing the user anything.</p>
</li>
-
- <li id="M201901070">
- <p>Vizio TVs <a
-
href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019";>
- collect “whatever the TV sees,”</a> in the own words of the
company's
- CTO, and this data is sold to third parties. This is in return for
- “better service” (meaning more intrusive ads?) and slightly
- lower retail prices.</p>
-
- <p>What is supposed to make this spying acceptable, according to him,
- is that it is opt-in in newer models. But since the Vizio software is
- nonfree, we don't know what is actually happening behind the scenes,
- and there is no guarantee that all future updates will leave the
- settings unchanged.</p>
-
- <p>If you already own a Vizio smart TV (or any smart TV, for that
- matter), the easiest way to make sure it isn't spying on you is
- to disconnect it from the Internet, and use a terrestrial antenna
- instead. Unfortunately, this is not always possible. Another option,
- if you are technically oriented, is to get your own router (which can
- be an old computer running completely free software), and set up a
- firewall to block connections to Vizio's servers. Or, as a last resort,
- you can replace your TV with another model.</p>
- </li>
</ul>
@@ -292,7 +281,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2019/03/04 07:31:23 $
+$Date: 2019/03/04 08:28:43 $
<!-- timestamp end -->
</p>
</div>
Index: workshop/mal.rec
===================================================================
RCS file: /webcvs/www/www/proprietary/workshop/mal.rec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -b -r1.50 -r1.51
--- workshop/mal.rec 4 Mar 2019 07:31:23 -0000 1.50
+++ workshop/mal.rec 4 Mar 2019 08:28:43 -0000 1.51
@@ -26,6 +26,25 @@
# ADD NEW BLURB HERE
Added: 2019-03-04
+Id: 201902270
+RT: 1365737
+PubDate: 2019-02-27
+Target: proprietary-insecurity.html proprietary-insecurity
+Target: malware-amazon.html misc
+Target: malware-appliances.html malware-appliances
+Keywords: ring
+Blurb: <p>The Ring (now Amazon) doorbell camera is designed so that the
++ manufacturer (now Amazon) can watch all the time. Now it turns out
++ that <a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/";>
++ anyone else can also watch, and fake videos too</a>.</p>
++
++ <p>The third party vulnerability is presumably
++ unintentional and I suppose Amazon will fix it. I
++ do not expect Amazon to change the design that <a
++ href="/proprietary/proprietary-surveillance.html#M201901100">allows
++ Amazon to watch</a>.</p>
+
+Added: 2019-03-04
Id: 201902140
RT: www-discuss 2019-03-04 (these-android-apps-have-been-tracking-you...)
PubDate: 2019-02-14
@@ -389,7 +408,8 @@
PubDate: 2019-01-10
Target: proprietary-surveillance.html SpywareInCameras
Target: malware-appliances.html malware-appliances
-Keywords: ring amazon
+Target: malware-amazon.html misc
+Keywords: ring
Blurb: <p>Amazon Ring “security” devices <a
+
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/";>
+ send the video they capture to Amazon servers</a>, which save it
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary malware-amazon.html malware-app...,
Therese Godefroy <=