[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-insecurity.de.html ...
|
From: |
GNUN |
|
Subject: |
www/proprietary proprietary-insecurity.de.html ... |
|
Date: |
Tue, 6 Sep 2016 22:58:19 +0000 (UTC) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 16/09/06 22:58:19
Modified files:
proprietary : proprietary-insecurity.de.html
proprietary/po : proprietary-insecurity.de-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.de.html?cvsroot=www&r1=1.10&r2=1.11
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-insecurity.de-diff.html?cvsroot=www&r1=1.1&r2=1.2
Patches:
Index: proprietary-insecurity.de.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-insecurity.de.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- proprietary-insecurity.de.html 18 May 2016 16:01:17 -0000 1.10
+++ proprietary-insecurity.de.html 6 Sep 2016 22:58:18 -0000 1.11
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE"
value="/proprietary/proprietary-insecurity.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/proprietary-insecurity.de.po">
+ https://www.gnu.org/proprietary/po/proprietary-insecurity.de.po</a>'
+ --><!--#set var="ORIGINAL_FILE"
value="/proprietary/proprietary-insecurity.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/proprietary-insecurity.de-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2016-07-08" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/proprietary-insecurity.en.html" -->
<!--#include virtual="/server/header.de.html" -->
<!-- Parent-Version: 1.79 -->
@@ -8,6 +13,7 @@
<!--#include virtual="/proprietary/po/proprietary-insecurity.translist" -->
<!--#include virtual="/server/banner.de.html" -->
+<!--#include virtual="/server/outdated.de.html" -->
<h2>Proprietäre Unsicherheit</h2>
<a href="/proprietary/">Weitere Beispiele proprietärer Schadsoftware</a>
@@ -433,7 +439,7 @@
<p class="unprintable"><!-- timestamp start -->
Aktualisierung:
-$Date: 2016/05/18 16:01:17 $
+$Date: 2016/09/06 22:58:18 $
<!-- timestamp end -->
</p>
Index: po/proprietary-insecurity.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-insecurity.de-diff.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- po/proprietary-insecurity.de-diff.html 8 Jul 2015 08:06:17 -0000
1.1
+++ po/proprietary-insecurity.de-diff.html 6 Sep 2016 22:58:19 -0000
1.2
@@ -11,14 +11,14 @@
</style></head>
<body><pre>
<!--#include virtual="/server/header.html" -->
-<!-- Parent-Version: 1.77 -->
+<!-- Parent-Version: 1.79 -->
<title>Proprietary Insecurity
- GNU Project - Free Software Foundation</title>
<!--#include virtual="/proprietary/po/proprietary-insecurity.translist"
-->
<!--#include virtual="/server/banner.html" -->
<h2>Proprietary Insecurity</h2>
-<a href="/philosophy/proprietary.html">Other examples of proprietary
malware</a>
+<a href="/proprietary/proprietary.html">Other examples of proprietary
malware</a>
<p>This page lists clearly established cases of insecurity in
proprietary software that has grave consequences or is otherwise
@@ -27,15 +27,180 @@
<p>It would be incorrect to compare proprietary software with a
fictitious idea of free software as perfect. Every nontrivial program
has bugs, and any system, free or proprietary, may have security
-holes. But proprietary software developers frequently disregard
-gaping holes, or even introduce them deliberately, and <em>the users
-are helpless to fix them</em>.</p>
+holes. That in itself is not culpable. But proprietary software
+developers frequently disregard gaping holes, or even introduce them
+deliberately, and <em>the users are helpless to fix
them</em>.</p>
<ul>
+<li>
+<span class="inserted"><ins><em><p>Due to weak security, <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
+is easy to open the doors of 100 million cars built by
Volkswagen</a>.</p>
+</li>
+
+<li>
+<p>Ransomware <a
href="https://www.pentestpartners.com/blog/thermostat-ransomware-a-lesson-in-iot-security/">has
+been developed for a thermostat that uses proprietary
software</a>.</p>
+</li>
+
+<li>
+<p>A <a
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
in
+Internet Explorer and Edge</a> allows an attacker to retrieve
+Microsoft account credentials, if the user is tricked into visiting a
+malicious link.</p>
+</li>
+
+<li>
+<p><a
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted”
+WhatsApp messages are not entirely deleted</a>. They can be recovered
+in various ways.
+</p>
+</li>
+
+<li>
+<p>A vulnerability in Apple's Image I/O API allowed an attacker to
+<a
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute
+ malacious code from any application which uses this API to render a
+ certain kind of image file</a>.</p>
+</li>
+<li>
+<p>A bug in a proprietary ASN.1 library, used in cell phone towers as
+well as cell phones and
+routers, <a
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows
+taking control of those systems</a>.</p>
+</li>
+
+<li>
+<p>Antivirus programs have so many errors
+ that <a
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">they
+ may make security worse</a>.</p>
+<p>GNU/Linux does not need antivirus software.</p>
+</li>
+
+<li></em></ins></span>
+<p>Over 70 brands of network-connected surveillance
+cameras <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">have
+security bugs that allow anyone to watch through them</a>.</p>
+</li>
+
+<li>
+<p>
+Samsung's “Smart Home” has a big security
+hole; <a
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">unauthorized
+people can remotely control it</a>.</p>
+
+<p>Samsung claims that this is an “open” platform so the
+problem is partly the fault of app developers. That is clearly true if
+the apps are proprietary software.</p>
+
+<p>Anything whose name is “Smart” is most likely going to
+screw you.</p>
+</li>
<li>
<p>
-<span class="inserted"><ins><em>Hospira infusion pumps, which are used to
administer drugs to
+The Nissan Leaf has a built-in cell phone modem which allows
+effectively
+anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+access its computers remotely and make changes in various
+settings</a>.</p>
+
+<p>That's easy to do because the system has no authentication when
+accessed through the modem. However, even if it asked for
+authentication, you couldn't be confident that Nissan has no
+access. The software in the car is
+proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
+means it demands blind faith from its users</a>.</p>
+
+<p>Even if no one connects to the car remotely, the cell phone modem
+enables the phone company to track the car's movements all the time;
+it is possible to physically remove the cell phone modem though.</p>
+</li>
+
+<li>
+<p>
+Malware found
+on <a
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">security
+cameras available through Amazon</a>.
+</p>
+
+<p>A camera that records locally on physical media, and has no network
+ connection, does not threaten people with surveillance—neither by
+ watching people through the camera, nor through malware in the camera.
+</p>
+</li>
+
+<li>
+<p>A bug in the iThings Messages
+app <a
href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed
+a malicious web site to extract all the user's messaging history</a>.
+</p>
+</li>
+
+<li>
+<p>Many proprietary payment apps <a
+href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">
+transmit personal data in an insecure way</a>.
+However, the worse aspect of these apps is that
+<a href="/philosophy/surveillance-vs-democracy.html">payment is not
anonymous</a>.
+</p>
+</li>
+
+<li>
+<p>
+FitBit fitness trackers <a
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
+have a Bluetooth vulnerability</a> that allows
+attackers to send malware to the devices, which can subsequently spread
+to computers and other FitBit trackers that interact with them.
+</p>
+</li>
+
+<li>
+<p>
+“Self-encrypting” disk drives do the encryption with proprietary
+firmware so you can't trust it. Western Digital's “My Passport”
+drives
+<a
href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have
a back door</a>.
+</p>
+</li>
+
+<li>
+<p>
+Mac OS X had an
+<a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
+intentional local back door for 4 years</a>, which could be
+exploited by attackers to gain root privileges.
+</p>
+</li>
+
+<li>
+<p>Security researchers discovered a
+<a
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
+vulnerability in diagnostic dongles used for vehicle tracking and
+insurance</a> that let them take remote control of a car or
+lorry using an SMS.
+</p>
+</li>
+
+<li>
+<p>
+Crackers were able to
+<a
href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">take
remote control of the Jeep</a>
+“connected car”.
+<br/>They could track the car, start or stop the engine, and
+activate or deactivate the brakes, and more.
+</p>
+<p>
+I expect that Chrysler and the NSA can do this too.
+</p>
+<p>
+If I ever own a car, and it contains a portable phone, I will
+deactivate that.
+</p>
+</li>
+
+<li>
+<p>
+Hospira infusion pumps, which are used to administer drugs to
a patient, were rated
“<a
href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least
@@ -56,7 +221,7 @@
</li>
<li>
-<p></em></ins></span>
+<p>
<a
href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
The NSA can tap data in smart phones, including iPhones, Android, and
BlackBerry</a>. While there is not much detail here, it seems that
@@ -153,13 +318,13 @@
that normal forensics won't detect.</p>
</li>
-<span class="inserted"><ins><em><li>
+<li>
<p><a
href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
Many smartphone apps use insecure authentication methods when storing
your personal data on remote servers.</a>
This leaves personal information like email addresses, passwords, and health
information vulnerable. Because many
of these apps are proprietary it makes it hard to impossible to know which
apps are at risk.</p>
-</li></em></ins></span>
+</li>
</ul>
@@ -195,7 +360,7 @@
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
- be under CC BY-ND <span class="removed"><del><strong>3.0
US.</strong></del></span> <span
class="inserted"><ins><em>4.0.</em></ins></span> Please do NOT change or
remove this
+ be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
@@ -210,18 +375,17 @@
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © <span
class="removed"><del><strong>2013</strong></del></span> <span
class="inserted"><ins><em>2013, 2015</em></ins></span> Free Software
Foundation, Inc.</p>
+<p>Copyright © 2013, 2015, 2016 Free Software Foundation,
Inc.</p>
<p>This page is licensed under a <a rel="license"
-<span
class="removed"><del><strong>href="http://creativecommons.org/licenses/by-nd/3.0/us/">Creative</strong></del></span>
-<span
class="inserted"><ins><em>href="http://creativecommons.org/licenses/by-nd/4.0/">Creative</em></ins></span>
-Commons <span class="removed"><del><strong>Attribution-NoDerivs 3.0 United
States</strong></del></span> <span
class="inserted"><ins><em>Attribution-NoDerivatives 4.0
International</em></ins></span> License</a>.</p>
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International
License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2015/07/08 08:06:17 $
+$Date: 2016/09/06 22:58:19 $
<!-- timestamp end -->
</p>
</div>
- www/proprietary proprietary-insecurity.de.html ...,
GNUN <=