[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-insecurity.html pro...
From: |
Therese Godefroy |
Subject: |
www/proprietary proprietary-insecurity.html pro... |
Date: |
Mon, 24 Feb 2020 11:51:47 -0500 (EST) |
CVSROOT: /webcvs/www
Module name: www
Changes by: Therese Godefroy <th_g> 20/02/24 11:51:47
Modified files:
proprietary : proprietary-insecurity.html proprietary.html
proprietary-surveillance.html
malware-appliances.html
proprietary/workshop: mal.rec
Log message:
Amazon Ring leaks wifi password (www-discuss 2020-02-22).
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.html?cvsroot=www&r1=1.115&r2=1.116
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary.html?cvsroot=www&r1=1.202&r2=1.203
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-surveillance.html?cvsroot=www&r1=1.313&r2=1.314
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-appliances.html?cvsroot=www&r1=1.86&r2=1.87
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/mal.rec?cvsroot=www&r1=1.189&r2=1.190
Patches:
Index: proprietary-insecurity.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary-insecurity.html,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -b -r1.115 -r1.116
--- proprietary-insecurity.html 18 Dec 2019 22:32:03 -0000 1.115
+++ proprietary-insecurity.html 24 Feb 2020 16:51:46 -0000 1.116
@@ -73,6 +73,20 @@
its camera, speakers and microphones</a>.</p>
</li>
+ <li id="M201911190">
+ <p>Internet-tethered Amazon Ring had
+ a security vulnerability that enabled attackers to <a
+
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
+ access the user's wifi password</a>, and snoop on the household
+ through connected surveillance devices.</p>
+
+ <p>Knowledge of the wifi password would not be sufficient to carry
+ out any significant surveillance if the devices implemented proper
+ security, including encryption. But many devices with proprietary
+ software lack this. Of course, they are also used by their
+ manufacturers for snooping.</p>
+ </li>
+
<li id="M201908310">
<p>A series of vulnerabilities <a
href="https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/">found
@@ -736,7 +750,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2019/12/18 22:32:03 $
+$Date: 2020/02/24 16:51:46 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary.html,v
retrieving revision 1.202
retrieving revision 1.203
diff -u -b -r1.202 -r1.203
--- proprietary.html 17 Feb 2020 08:11:51 -0000 1.202
+++ proprietary.html 24 Feb 2020 16:51:46 -0000 1.203
@@ -173,16 +173,18 @@
<h3 id="latest">Latest additions</h3>
<ul class="blurbs">
- <li id="M202002020">
- <p>Many Android apps fool their users by asking
- them to decide what permissions to give the program, and then <a
-
href="https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/">
- bypassing these permissions</a>.</p>
-
- <p>The Android system is supposed to prevent data leaks by running apps
- in isolated sandboxes, but developers have found ways to access the
- data by other means, and there is nothing the user can do to stop
- them from doing so, since both the system and the apps are nonfree.</p>
+ <li id="M201911190">
+ <p>Internet-tethered Amazon Ring had
+ a security vulnerability that enabled attackers to <a
+
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
+ access the user's wifi password</a>, and snoop on the household
+ through connected surveillance devices.</p>
+
+ <p>Knowledge of the wifi password would not be sufficient to carry
+ out any significant surveillance if the devices implemented proper
+ security, including encryption. But many devices with proprietary
+ software lack this. Of course, they are also used by their
+ manufacturers for snooping.</p>
</li>
<li id="M201912220">
@@ -207,6 +209,18 @@
additional malware (the system itself being the original malware).</p>
</li>
+ <li id="M202002020">
+ <p>Many Android apps fool their users by asking
+ them to decide what permissions to give the program, and then <a
+
href="https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/">
+ bypassing these permissions</a>.</p>
+
+ <p>The Android system is supposed to prevent data leaks by running apps
+ in isolated sandboxes, but developers have found ways to access the
+ data by other means, and there is nothing the user can do to stop
+ them from doing so, since both the system and the apps are nonfree.</p>
+ </li>
+
<li id="M201912171">
<p>Most modern cars now <a
href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
@@ -215,16 +229,6 @@
cracking the car's computer, which is always hidden and running with
proprietary software.</p>
</li>
-
- <li id="M201912090">
- <p>iMonsters and Android phones,
- when used for work, give employers powerful <a
-
href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
- snooping and sabotage capabilities</a> if they install their own
- software on the device. Many employers demand to do this. For the
- employee, this is simply nonfree software, as fundamentally unjust
- and as dangerous as any other nonfree software.</p>
- </li>
</ul>
</div>
@@ -286,7 +290,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2020/02/17 08:11:51 $
+$Date: 2020/02/24 16:51:46 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary-surveillance.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary-surveillance.html,v
retrieving revision 1.313
retrieving revision 1.314
diff -u -b -r1.313 -r1.314
--- proprietary-surveillance.html 21 Feb 2020 23:13:34 -0000 1.313
+++ proprietary-surveillance.html 24 Feb 2020 16:51:46 -0000 1.314
@@ -1964,6 +1964,20 @@
</div>
<ul class="blurbs">
+ <li id="M201911190">
+ <p>Internet-tethered Amazon Ring had
+ a security vulnerability that enabled attackers to <a
+
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
+ access the user's wifi password</a>, and snoop on the household
+ through connected surveillance devices.</p>
+
+ <p>Knowledge of the wifi password would not be sufficient to carry
+ out any significant surveillance if the devices implemented proper
+ security, including encryption. But many devices with proprietary
+ software lack this. Of course, they are also used by their
+ manufacturers for snooping.</p>
+ </li>
+
<li id="M201907210">
<p>Google “Assistant” records users' conversations <a
href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
@@ -2583,7 +2597,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2020/02/21 23:13:34 $
+$Date: 2020/02/24 16:51:46 $
<!-- timestamp end -->
</p>
</div>
Index: malware-appliances.html
===================================================================
RCS file: /webcvs/www/www/proprietary/malware-appliances.html,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -b -r1.86 -r1.87
--- malware-appliances.html 18 Dec 2019 22:32:03 -0000 1.86
+++ malware-appliances.html 24 Feb 2020 16:51:46 -0000 1.87
@@ -59,6 +59,20 @@
its camera, speakers and microphones</a>.</p>
</li>
+ <li id="M201911190">
+ <p>Internet-tethered Amazon Ring had
+ a security vulnerability that enabled attackers to <a
+
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
+ access the user's wifi password</a>, and snoop on the household
+ through connected surveillance devices.</p>
+
+ <p>Knowledge of the wifi password would not be sufficient to carry
+ out any significant surveillance if the devices implemented proper
+ security, including encryption. But many devices with proprietary
+ software lack this. Of course, they are also used by their
+ manufacturers for snooping.</p>
+ </li>
+
<li id="M201904260">
<p>The Jibo robot toys were tethered to the manufacturer's server,
and <a href="https://www.apnews.com/99c9ec8ebad242ca88178e22c7642648">
@@ -940,7 +954,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2019/12/18 22:32:03 $
+$Date: 2020/02/24 16:51:46 $
<!-- timestamp end -->
</p>
</div>
Index: workshop/mal.rec
===================================================================
RCS file: /webcvs/www/www/proprietary/workshop/mal.rec,v
retrieving revision 1.189
retrieving revision 1.190
diff -u -b -r1.189 -r1.190
--- workshop/mal.rec 21 Feb 2020 23:13:34 -0000 1.189
+++ workshop/mal.rec 24 Feb 2020 16:51:46 -0000 1.190
@@ -25,6 +25,27 @@
#### Please don't remove the blank line after this marker! ####
# ADD NEW BLURB HERE
+Added: 2020-02-24
+Id: 201911190
+RT: www-discuss 2020-02-22 (Amazon Ring neighborhood-surveillance
+cameras...)
+PubDate: 2019-11-19
+Target: proprietary-surveillance.html SpywareAtHome
+Target: proprietary-insecurity.html proprietary-insecurity
+Target: malware-appliances.html malware-appliances
+Keywords:
+Blurb: <p>Internet-tethered Amazon Ring had
++ a security vulnerability that enabled attackers to <a
++
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
++ access the user's wifi password</a>, and snoop on the household
++ through connected surveillance devices.</p>
++
++ <p>Knowledge of the wifi password would not be sufficient to carry
++ out any significant surveillance if the devices implemented proper
++ security, including encryption. But many devices with proprietary
++ software lack this. Of course, they are also used by their
++ manufacturers for snooping.</p>
+
Added: 2020-02-17
Id: 201912190
RT: www-discuss 2020-02-15 (malware)
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary proprietary-insecurity.html pro...,
Therese Godefroy <=