[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-back-doors.it.html ...
From: |
GNUN |
Subject: |
www/proprietary proprietary-back-doors.it.html ... |
Date: |
Wed, 1 Mar 2017 06:29:17 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 17/03/01 06:29:17
Modified files:
proprietary : proprietary-back-doors.it.html
Added files:
proprietary/po : proprietary-back-doors.it-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-back-doors.it.html?cvsroot=www&r1=1.15&r2=1.16
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-back-doors.it-diff.html?cvsroot=www&rev=1.1
Patches:
Index: proprietary-back-doors.it.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-back-doors.it.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -b -r1.15 -r1.16
--- proprietary-back-doors.it.html 27 Oct 2016 20:58:41 -0000 1.15
+++ proprietary-back-doors.it.html 1 Mar 2017 11:29:17 -0000 1.16
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE"
value="/proprietary/proprietary-back-doors.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/proprietary-back-doors.it.po">
+ https://www.gnu.org/proprietary/po/proprietary-back-doors.it.po</a>'
+ --><!--#set var="ORIGINAL_FILE"
value="/proprietary/proprietary-back-doors.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/proprietary-back-doors.it-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2016-12-31" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/proprietary-back-doors.en.html" -->
<!--#include virtual="/server/header.it.html" -->
<!-- Parent-Version: 1.79 -->
@@ -8,6 +13,7 @@
<!--#include virtual="/proprietary/po/proprietary-back-doors.translist" -->
<!--#include virtual="/server/banner.it.html" -->
+<!--#include virtual="/server/outdated.it.html" -->
<h2>Backdoor proprietarie</h2>
<p><a href="/proprietary/proprietary.html">Altri esempi di malware
@@ -390,7 +396,7 @@
<p class="unprintable"><!-- timestamp start -->
Ultimo aggiornamento:
-$Date: 2016/10/27 20:58:41 $
+$Date: 2017/03/01 11:29:17 $
<!-- timestamp end -->
</p>
Index: po/proprietary-back-doors.it-diff.html
===================================================================
RCS file: po/proprietary-back-doors.it-diff.html
diff -N po/proprietary-back-doors.it-diff.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ po/proprietary-back-doors.it-diff.html 1 Mar 2017 11:29:17 -0000
1.1
@@ -0,0 +1,403 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<!-- Generated by GNUN -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>/proprietary/proprietary-back-doors.html-diff</title>
+<style type="text/css">
+span.removed { background-color: #f22; color: #000; }
+span.inserted { background-color: #2f2; color: #000; }
+</style></head>
+<body><pre>
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.79 -->
+<title>Proprietary Back Doors - GNU Project - Free Software
Foundation</title>
+ <!--#include virtual="/proprietary/po/proprietary-back-doors.translist"
-->
+<!--#include virtual="/server/banner.html" -->
+<h2>Proprietary Back Doors</h2>
+
+<p><a href="/proprietary/proprietary.html">Other examples of
proprietary malware</a></p>
+
+<p>Nonfree (proprietary) software is very often malware (designed to
+mistreat the user). Nonfree software is controlled by its developers,
+which puts them in a position of power over the users; <a
+href="/philosophy/free-software-even-more-important.html">that is the
+basic injustice</a>. The developers often exercise that power to the
+detriment of the users they ought to serve.</p>
+
+<p>Here are examples of demonstrated back doors in proprietary
software.</p>
+
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<ul>
+ <span class="inserted"><ins><em><li><p>The Amazon Echo appears
to have a universal back door, since
+ <a
href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates">
+ it installs “updates” automatically</a>.</p>
+ <p>We have found nothing explicitly documenting the lack of any way
to
+ disable remote changes to the software, so we are not completely sure
+ there isn't one, but it seems pretty clear.</p>
+ </li>
+
+ <li><p>Chrome has a back door <a
href="https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">for
+ remote erasure of add-ons</a>.</p>
+ </li>
+
+ <li>
+ <p>WhatsApp <a
href="https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages">has
+ a back door that the company can use to read the plaintext
+ of messages</a>.</p>
+
+ <p>This should not come as a surprise. Nonfree software for
+ encryption is never trustworthy.</p>
+ </li>
+
+ <li><p>A pregnancy test controller application not only
+ can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
+ on many sorts of data in the phone, and in server accounts, it can
+ alter them too</a>.</p>
+ </li></em></ins></span>
+
+ <li>
+ <p>Xiaomi phones come with <a
href="https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered">a
+ universal back door in the application processor, for
+ Xiaomi's use</a>.</p>
+
+ <p>This is separate from <a
href="#universal-back-door-phone-modem">the
+ universal back door in the modem processor that the local
+ phone company can use</a>.</p>
+ </li>
+
+ <li><p>Capcom's Street Fighter V update <a
href="https://web.archive.org/web/20160930051146/http://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/">installed
+ a driver that can be used as a backdoor by any application
+ installed on a Windows computer</a>.</p>
+ </li>
+
+ <li><p>The Dropbox app for Macintosh <a
href="http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/">takes
+ total control of the machine by repeatedly nagging the user
+ for an admini password</a>.</p>
+ </li>
+ <li id="universal-back-door-phone-modem"><p>The universal back
door in portable phones <a
+
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">is
+ employed to listen through their microphones</a>.</p>
+ <p>More about <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">the
nature of this problem</a>.</p>
+ </li>
+
+ <li><p><a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
+ Microsoft has already backdoored its disk
encryption</a>.</p></li>
+
+ <li><p>Modern gratis game cr…apps
+ <a
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ collect a wide range of data about their users and their users'
+ friends and associates</a>.</p>
+
+ <p>Even nastier, they do it through ad networks that merge the data
+ collected by various cr…apps and sites made by different
+ companies.</p>
+
+ <p>They use this data to manipulate people to buy things, and hunt
+ for “whales” who can be led to spend a lot of money. They
+ also use a back door to manipulate the game play for specific
players.</p>
+
+ <p>While the article describes gratis games, games that cost money
+ can use the same tactics.</p>
+ </li>
+ <li>
+ <p>Dell computers, shipped with Windows, had a bogus root
+ certificate that
+ <a
href="http://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/">allowed
+ anyone (not just Dell) to remotely authorize any software to
+ run</a> on the computer.</p>
+ </li>
+ <li>
+ <p>Baidu's proprietary Android library, Moplus, has a back door
+ that <a
href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made">can
+ “upload files” as well as forcibly install
+ apps</a>.</p>
+ <p>It is used by 14,000 Android applications.</p>
+ </li>
+
+<li><p>ARRIS cable modem has a
+ <a
href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1">
+ backdoor in the backdoor</a>.</p>
+</li>
+ <li><p>Caterpillar vehicles come with
+ <a
href="http://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it">a
back-door to shutoff the engine</a>
+ remotely.</p>
+ </li>
+<li><p>
+Mac OS X had an <a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
+intentional local back door for 4 years</a>.
+</p></li>
+
+<li><p>Users reported that <a
+
href="http://www.networkworld.com/article/2993490/windows/windows-10-upgrades-reportedly-appearing-as-mandatory-for-some-users.html#tk.rss_all">
+ Microsoft was forcing them to replace Windows 7 and 8 with all-spying
+ Windows 10</a>.</p>
+
+ <p>Microsoft was in fact <a
+
href="http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html">
+ attacking computers that run Windows 7 and 8</a>, switching on a
flag
+ that said whether to “upgrade” to Windows 10 when users
+ had turned it off.</p>
+
+ <p>Later on, Microsoft published instructions on <a
+
href="http://arstechnica.com/information-technology/2016/01/microsoft-finally-has-a-proper-way-to-opt-out-of-windows-78-to-windows-10-upgrades/">
+ how to permanently reject the downgrade to Windows 10</a>.</p>
+
+ <p>This seems to involve use of a back door in Windows 7 and
8.</p>
+</li>
+
+<li>
+<p>Most mobile phones have a universal back door, which has been used to
+<a
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
+turn them malicious</a>.
+</p>
+</li>
+
+<li>
+<p><a
href="http://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor">
+A Chinese version of Android has a universal back door</a>. Nearly all
+models of mobile phones have a universal back door in the modem chip. So
+why did Coolpad bother to introduce another? Because this one is controlled
+by Coolpad.
+</p>
+</li>
+
+<li>
+<p>Microsoft Windows has a universal back door through which
+<a <span
class="removed"><del><strong>href="http://www.informationweek.com/news/showArticle.jhtml?articleID=201806263"></strong></del></span>
<span
class="inserted"><ins><em>href="https://web.archive.org/web/20071011010707/http://informationweek.com/news/showArticle.jhtml?articleID=201806263"></em></ins></span>
+any change whatsoever can be imposed on the users</a>.
+</p>
+<p>More information on when
+<a href="http://slated.org/windows_by_stealth_the_updates_you_dont_want">
+this was used</a>.
+</p>
+<p>In Windows 10, the universal back door is no longer hidden; all
+“upgrades” will
+be <a
href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">forcibly
+and immediately imposed</a>.
+</p>
+</li>
+
+<span class="removed"><del><strong><li>
+<p>Windows 8's back doors are so gaping that</strong></del></span>
+
+<span class="inserted"><ins><em><li><p>German
government</em></ins></span> <a <span
class="removed"><del><strong>href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/"></strong></del></span>
<span
class="inserted"><ins><em>href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/">veers
+away from Windows 8 computers with TPM 2.0 due to potential back
+door capabilities of</em></ins></span> the <span
class="removed"><del><strong>German government has decided it can't be
trusted</a>.
+</p></strong></del></span> <span class="inserted"><ins><em>TPM 2.0
chip</a>.</p></em></ins></span>
+</li>
+
+<li>
+<p>The iPhone has a back door
+<a
href="http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html">
+that allows Apple to remotely delete apps</a> which Apple considers
+“inappropriate”. Jobs said it's ok for Apple to have this power
+because of course we can trust Apple.
+</p>
+</li>
+
+<li>
+<p>The iPhone has a back door for
+<a
href="http://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone">
+remote wipe</a>. It's not always enabled, but users are led into
enabling
+it without understanding.
+</p>
+</li>
+
+<li>
+ <p>Apple can, and regularly does,
+ <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones for the state</a>.
+ </p>
+ <p>This may have improved with
+ <a
href="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html">
+ iOS 8 security improvements</a>; but
+ <a href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
+ not as much as Apple claims</a>.</p>
+ </li>
+
+
+<li>
+<p><a
href="http://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html">
+Windows 8 also has a back door for remotely deleting apps</a>.
+</p>
+
+<p>
+You might well decide to let a security service that you trust
+remotely <em>deactivate</em> programs that it considers malicious.
+But there is no excuse for <em>deleting</em> the programs, and you
+should have the right to decide who (if anyone) to trust in this way.
+</p>
+
+<p>
+As these pages show, if you do want to clean your computer of malware,
+the first software to delete is Windows or iOS.
+</p>
+</li>
+
+<li>
+<p>In Android,
+<a
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
+Google has a back door to remotely delete apps.</a> (It is in a program
+called GTalkService).
+</p>
+
+<p>
+Google can also
+<a
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
+forcibly and remotely install apps</a> through GTalkService (which
+seems, since that article, to have been merged into Google Play).
+This is not equivalent to a universal back door, but permits various
+dirty tricks.
+</p>
+
+<p>
+Although Google's <em>exercise</em> of this power has not been
+malicious so far, the point is that nobody should have such power,
+which could also be used maliciously. You might well decide to let a
+security service remotely <em>deactivate</em> programs that it
+considers malicious. But there is no excuse for allowing it
+to <em>delete</em> the programs, and you should have the right to
+decide who (if anyone) to trust in this way.
+</p>
+</li>
+
+<li>
+<p><a id="samsung"
+href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
+Samsung Galaxy devices running proprietary Android versions come with a back
+door</a> that provides remote access to the files stored on the device.
+</p>
+</li>
+
+<li>
+<p>The Amazon <span
class="removed"><del><strong>Kindle</strong></del></span> <span
class="inserted"><ins><em>Kindle-Swindle</em></ins></span> has a back door that
has been used to
+<a
href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
+remotely erase books</a>. <span class="inserted"><ins><em>One of the
books erased was 1984, by George Orwell.</em></ins></span>
+</p>
+
+<span class="inserted"><ins><em><p>Amazon responded to criticism by
saying it would delete books only
+following orders from the state. However, that policy didn't last.
+In 2012
+it <a
href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">wiped
+a user's Kindle-Swindle and deleted her account</a>, then offered her
+kafkaesque “explanations.”</p></em></ins></span>
+
+
+<p>The <span class="removed"><del><strong>Kindle</strong></del></span>
<span class="inserted"><ins><em>Kindle-Swindle</em></ins></span> also has a
+<a
href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090">
+universal back door</a>.
+</p>
+</li>
+
+<li>
+<p>HP “storage appliances” that use the proprietary
+“Left Hand” operating system have back doors that give
+HP <a
href="http://news.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/">
+remote login access</a> to them. HP claims that this does not give HP
+access to the customer's data, but if the back door allows installation of
+software changes, a change could be installed that would give access to the
+customer's data.
+</p>
+</li>
+
+<li>
+<p><a
href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html">
+Some D-Link routers</a> have a back door for changing settings in a dlink
+of an eye.
+</p>
+
+<p>
+<a href="https://github.com/elvanderb/TCP-32764">Many models of router
+have back doors</a>.</p>
+</li>
+
+<li>
+<p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/">
+The TP-Link router has a backdoor</a>.</p>
+</li>
+
+<li>
+<p><a
href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/">
+Some applications come with MyFreeProxy, which is a universal back door
+that can download programs and run them.</a>
+</p>
+</li>
+</ul>
+
+<p>Here is a big problem whose details are still secret.</p>
+
+<ul>
+<li>
+<p><a
href="http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/">
+The FBI asks lots of companies to put back doors in proprietary programs.
+</a> We don't know of specific cases where this was done, but every
+proprietary program for encryption is a possibility.</p>
+</li>
+</ul>
+
+<p>Here is a suspicion that we can't prove, but is worth thinking
+about.</p>
+
+<ul>
+<li>
+<p><a
href="http://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI">
+Writable microcode for Intel and AMD microprocessors</a> may be a vehicle
+for the NSA to invade computers, with the help of Microsoft, say respected
+security experts.
+</p>
+</li>
+</ul>
+
+<p>The EFF has other examples of the <a
href="https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones">use
of back doors</a>.</p>
+
+
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:address@hidden"><address@hidden></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a
href="mailto:address@hidden"><address@hidden></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:address@hidden">
+ <address@hidden></a>.</p>
+
+ <p>For information on coordinating and submitting translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting translations
+of this article.</p>
+</div>
+
+<p>Copyright © <span
class="removed"><del><strong>2014-2016</strong></del></span> <span
class="inserted"><ins><em>2014-2017</em></ins></span> Free Software Foundation,
Inc.</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International
License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2017/03/01 11:29:17 $
+<!-- timestamp end -->
+</p>
+</div>
+</div>
+</body>
+</html>
+</pre></body></html>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary proprietary-back-doors.it.html ...,
GNUN <=