[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-insecurity.html
|
From: |
rsiddharth |
|
Subject: |
www/proprietary proprietary-insecurity.html |
|
Date: |
Sat, 10 Jun 2017 19:36:11 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: rsiddharth <rsd> 17/06/10 19:36:11
Modified files:
proprietary : proprietary-insecurity.html
Log message:
[#1214096] Add HP Conexant HD Audio Driver Package proprietary
insecurity.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.html?cvsroot=www&r1=1.59&r2=1.60
Patches:
Index: proprietary-insecurity.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-insecurity.html,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -b -r1.59 -r1.60
--- proprietary-insecurity.html 2 Jun 2017 21:04:21 -0000 1.59
+++ proprietary-insecurity.html 10 Jun 2017 23:36:11 -0000 1.60
@@ -35,7 +35,19 @@
users helpless is what's culpable about proprietary software.</p>
<ul>
-
+<li>
+ <p>
+ Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
+ pre-installed on 28 models of HP laptops logged the user's
+ keystroke to a file in the filesystem. Any process with access to
+ the filesystem or the MapViewOfFile API could gain access to the
+ log. Furthermore, <a
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt";>according
+ to modzero</a> the “information-leak via Covert Storage
+ Channel enables malware authors to capture keystrokes without
+ taking the risk of being classified as malicious task by AV
+ heuristics”.
+ </p>
+</li>
<li>
<p>The proprietary code that runs pacemakers, insulin pumps, and other
medical devices is <a href="http://www.bbc.co.uk/news/technology-40042584";>
@@ -484,7 +496,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2017/06/02 21:04:21 $
+$Date: 2017/06/10 23:36:11 $
<!-- timestamp end -->
</p>
</div>
- www/proprietary proprietary-insecurity.html,
rsiddharth <=