[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-insecurity.ja.html ...
|
From: |
GNUN |
|
Subject: |
www/proprietary proprietary-insecurity.ja.html ... |
|
Date: |
Tue, 21 Jun 2016 18:29:02 +0000 (UTC) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 16/06/21 18:29:02
Modified files:
proprietary : proprietary-insecurity.ja.html
Added files:
proprietary/po : proprietary-insecurity.ja-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.ja.html?cvsroot=www&r1=1.12&r2=1.13
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-insecurity.ja-diff.html?cvsroot=www&rev=1.1
Patches:
Index: proprietary-insecurity.ja.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-insecurity.ja.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- proprietary-insecurity.ja.html 14 Apr 2016 07:49:28 -0000 1.12
+++ proprietary-insecurity.ja.html 21 Jun 2016 18:29:01 -0000 1.13
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE"
value="/proprietary/proprietary-insecurity.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/proprietary-insecurity.ja.po">
+ http://www.gnu.org/proprietary/po/proprietary-insecurity.ja.po</a>'
+ --><!--#set var="ORIGINAL_FILE"
value="/proprietary/proprietary-insecurity.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/proprietary-insecurity.ja-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2016-04-22" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/proprietary-insecurity.en.html" -->
<!--#include virtual="/server/header.ja.html" -->
<!-- Parent-Version: 1.77 -->
@@ -8,6 +13,7 @@
<!--#include virtual="/proprietary/po/proprietary-insecurity.translist" -->
<!--#include virtual="/server/banner.ja.html" -->
+<!--#include virtual="/server/outdated.ja.html" -->
<h2>ãããã©ã¤ã¨ã¿ãªã®å±éºæ§</h2>
<a
href="/philosophy/proprietary.html">ã»ãã®ãããã©ã¤ã¨ã¿ãªã»ãã«ã¦ã§ã¢ã®ä¾</a>
@@ -241,7 +247,7 @@
<p class="unprintable"><!-- timestamp start -->
æçµæ´æ°:
-$Date: 2016/04/14 07:49:28 $
+$Date: 2016/06/21 18:29:01 $
<!-- timestamp end -->
</p>
Index: po/proprietary-insecurity.ja-diff.html
===================================================================
RCS file: po/proprietary-insecurity.ja-diff.html
diff -N po/proprietary-insecurity.ja-diff.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ po/proprietary-insecurity.ja-diff.html 21 Jun 2016 18:29:02 -0000
1.1
@@ -0,0 +1,351 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<!-- Generated by GNUN -->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>/proprietary/proprietary-insecurity.html-diff</title>
+<style type="text/css">
+span.removed { background-color: #f22; color: #000; }
+span.inserted { background-color: #2f2; color: #000; }
+</style></head>
+<body><pre>
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: <span
class="removed"><del><strong>1.77</strong></del></span> <span
class="inserted"><ins><em>1.79</em></ins></span> -->
+<title>Proprietary Insecurity
+- GNU Project - Free Software Foundation</title>
+ <!--#include virtual="/proprietary/po/proprietary-insecurity.translist"
-->
+<!--#include virtual="/server/banner.html" -->
+<h2>Proprietary Insecurity</h2>
+
+<a <span
class="removed"><del><strong>href="/philosophy/proprietary.html">Other</strong></del></span>
<span
class="inserted"><ins><em>href="/proprietary/proprietary.html">Other</em></ins></span>
examples of proprietary malware</a>
+
+<p>This page lists clearly established cases of insecurity in
+proprietary software that has grave consequences or is otherwise
+noteworthy.</p>
+
+<p>It would be incorrect to compare proprietary software with a
+fictitious idea of free software as perfect. Every nontrivial program
+has bugs, and any system, free or proprietary, may have security
+holes. That in itself is not culpable. But proprietary software
+developers frequently disregard gaping holes, or even introduce them
+deliberately, and <em>the users are helpless to fix
them</em>.</p>
+
+<ul>
+<li>
+<span class="inserted"><ins><em><p>Over 70 brands of network-connected
surveillance
+cameras <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">have
+security bugs that allow anyone to watch through them</a>.</p>
+</li>
+
+<li>
+<p>
+Samsung's “Smart Home” has a big security
+hole; <a
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">unauthorized
+people can remotely control it</a>.</p>
+
+<p>Samsung claims that this is an “open” platform so the
+problem is partly the fault of app developers. That is clearly true if
+the apps are proprietary software.</p>
+
+<p>Anything whose name is “Smart” is most likely going to
+screw you.</p>
+</li>
+
+<li>
+<p>
+The Nissan Leaf has a built-in cell phone modem which allows
+effectively
+anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+access its computers remotely and make changes in various
+settings</a>.</p>
+
+<p>That's easy to do because the system has no authentication when
+accessed through the modem. However, even if it asked for
+authentication, you couldn't be confident that Nissan has no
+access. The software in the car is
+proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
+means it demands blind faith from its users</a>.</p>
+
+<p>Even if no one connects to the car remotely, the cell phone modem
+enables the phone company to track the car's movements all the time;
+it is possible to physically remove the cell phone modem though.</p>
+</li>
+
+<li>
+<p>
+Malware found
+on <a
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">security
+cameras available through Amazon</a>.
+</p>
+
+<p>A camera that records locally on physical media, and has no network
+ connection, does not threaten people with surveillance—neither by
+ watching people through the camera, nor through malware in the camera.
+</p>
+</li>
+
+<li></em></ins></span>
+<p>A bug in the iThings Messages
+app <a
href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed
+a malicious web site to extract all the user's messaging history</a>.
+</p>
+</li>
+
+<li>
+<p>Many proprietary payment apps <a
+href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">
+transmit personal data in an insecure way</a>.
+However, the worse aspect of these apps is that
+<a href="/philosophy/surveillance-vs-democracy.html">payment is not
anonymous</a>.
+</p>
+</li>
+
+<li>
+<p>
+FitBit fitness trackers <a
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
+have a Bluetooth vulnerability</a> that allows
+attackers to send malware to the devices, which can subsequently spread
+to computers and other FitBit trackers that interact with them.
+</p>
+</li>
+
+<li>
+<p>
+“Self-encrypting” disk drives do the encryption with proprietary
+firmware so you can't trust it. Western Digital's “My Passport”
+drives
+<a
href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have
a back door</a>.
+</p>
+</li>
+
+<li>
+<p>
+Mac OS X had an
+<a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
+intentional local back door for 4 years</a>, which could be
+exploited by attackers to gain root privileges.
+</p>
+</li>
+
+<li>
+<p>Security researchers discovered a
+<a
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
+vulnerability in diagnostic dongles used for vehicle tracking and
+insurance</a> that let them take remote control of a car or
+lorry using an SMS.
+</p>
+</li>
+
+<li>
+<p>
+Crackers were able to
+<a
href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">take
remote control of the Jeep</a>
+“connected car”.
+<br/>They could track the car, start or stop the engine, and
+activate or deactivate the brakes, and more.
+</p>
+<p>
+I expect that Chrysler and the NSA can do this too.
+</p>
+<p>
+If I ever own a car, and it contains a portable phone, I will
+deactivate that.
+</p>
+</li>
+
+<li>
+<p>
+Hospira infusion pumps, which are used to administer drugs to
+a patient, were rated
+“<a
+href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least
+secure IP device I've ever seen</a>”
+by a security researcher.
+</p>
+<p>
+Depending on what drug is being infused, the insecurity could
+open the door to murder.
+</p>
+</li>
+
+<li>
+<p>
+Due to bad security in a drug pump, crackers could use it to
+<a
href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">kill
patients</a>.
+</p>
+</li>
+
+<li>
+<p>
+<a
href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+The NSA can tap data in smart phones, including iPhones, Android, and
+BlackBerry</a>. While there is not much detail here, it seems that
+this does not operate via the universal back door that we know nearly
+all portable phones have. It may involve exploiting various bugs.
+There
+are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+lots of bugs in the phones' radio software</a>.
+</p>
+</li>
+
+<li>
+<p><a
href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
+“Smart homes”</a> turn out to be stupidly vulnerable to
+intrusion.</p>
+</li>
+
+<li>
+<p>The
+<a
href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity
of WhatsApp</a>
+makes eavesdropping a snap.</p>
+</li>
+
+<li>
+<p><a
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
+The FTC punished a company for making webcams with bad security so
+that it was easy for anyone to watch them</a>.
+</p>
+</li>
+
+<li>
+<p><a
href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
+It is possible to take control of some car computers through malware
+in music files</a>.
+Also <a
href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">by
+radio</a>. Here is <a href="http://www.autosec.org/faq.html">more
+information</a>.
+</p>
+</li>
+
+<li>
+<p><a
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
+It is possible to kill people by taking control of medical implants by
+radio</a>. Here
+is <a href="http://www.bbc.co.uk/news/technology-17631838">more
+information</a>. And <a
href="http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">here</a>.
+</p>
+</li>
+
+<li>
+<p>Lots of <a
href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">hospital
equipment has lousy security</a>, and it can be fatal.
+</p>
+</li>
+
+<li>
+<p><a
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
+Point-of-sale terminals running Windows were taken over and turned
+into a botnet for the purpose of collecting customers' credit card
+numbers</a>.
+</p>
+</li>
+
+<li>
+<p>An app to prevent “identity theft” (access to personal
data)
+by storing users' data on a special server
+<a
href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was
+deactivated by its developer</a> which had discovered a security flaw.
+</p>
+
+<p>
+That developer seems to be conscientious about protecting personal
+data from third parties in general, but it can't protect that data
+from the state. Quite the contrary: confiding your data to someone
+else's server, if not first encrypted by you with free software,
+undermines your rights.
+</p>
+</li>
+
+<li>
+<p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some flash
+memories have modifiable software</a>, which makes them vulnerable to
+viruses.</p>
+
+<p>We don't call this a “back door” because it is normal
+that you can install a new system in a computer given physical access
+to it. However, memory sticks and cards should not be modifiable in
+this way.</p>
+</li>
+
+<li>
+<p><a href="http://spritesmods.com/?art=hddhack&page=6">
Replaceable
+nonfree software in disk drives can be written by a nonfree
+program.</a> This makes any system vulnerable to persistent attacks
+that normal forensics won't detect.</p>
+</li>
+
+<li>
+<p><a
href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
+Many smartphone apps use insecure authentication methods when storing
+your personal data on remote servers.</a>
+This leaves personal information like email addresses, passwords, and health
information vulnerable. Because many
+of these apps are proprietary it makes it hard to impossible to know which
apps are at risk.</p>
+</li>
+
+</ul>
+
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:address@hidden"><address@hidden></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a
href="mailto:address@hidden"><address@hidden></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:address@hidden">
+ <address@hidden></a>.</p>
+
+ <p>For information on coordinating and submitting translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright © 2013, 2015, 2016 Free Software Foundation,
Inc.</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International
License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2016/06/21 18:29:02 $
+<!-- timestamp end -->
+</p>
+</div>
+</div>
+</body>
+</html>
+</pre></body></html>
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary proprietary-insecurity.ja.html ...,
GNUN <=