www/proprietary proprietary-insecurity.html pro...

www-commits
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-insecurity.html pro...

From:	Therese Godefroy
Subject:	www/proprietary proprietary-insecurity.html pro...
Date:	Mon, 24 Feb 2020 11:51:47 -0500 (EST)
CVSROOT:        /webcvs/www
Module name:    www
Changes by:     Therese Godefroy <th_g> 20/02/24 11:51:47

Modified files:
        proprietary    : proprietary-insecurity.html proprietary.html 
                         proprietary-surveillance.html 
                         malware-appliances.html 
        proprietary/workshop: mal.rec 

Log message:
        Amazon Ring leaks wifi password (www-discuss 2020-02-22).

CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-insecurity.html?cvsroot=www&r1=1.115&r2=1.116
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary.html?cvsroot=www&r1=1.202&r2=1.203
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-surveillance.html?cvsroot=www&r1=1.313&r2=1.314
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-appliances.html?cvsroot=www&r1=1.86&r2=1.87
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/mal.rec?cvsroot=www&r1=1.189&r2=1.190

Patches:
Index: proprietary-insecurity.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary-insecurity.html,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -b -r1.115 -r1.116
--- proprietary-insecurity.html 18 Dec 2019 22:32:03 -0000      1.115
+++ proprietary-insecurity.html 24 Feb 2020 16:51:46 -0000      1.116
@@ -73,6 +73,20 @@
     its camera, speakers and microphones</a>.</p>
   </li>
 
+  <li id="M201911190">
+    <p>Internet-tethered Amazon Ring had
+    a security vulnerability that enabled attackers to <a
+    
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password";>
+    access the user's wifi password</a>, and snoop on the household
+    through connected surveillance devices.</p>
+
+    <p>Knowledge of the wifi password would not be sufficient to carry
+    out any significant surveillance if the devices implemented proper
+    security, including encryption. But many devices with proprietary
+    software lack this. Of course, they are also used by their
+    manufacturers for snooping.</p>
+  </li>
+
   <li id="M201908310">
     <p>A series of vulnerabilities <a
     
href="https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/";>found
@@ -736,7 +750,7 @@
 
 <p class="unprintable">Updated:
 <!-- timestamp start -->
-$Date: 2019/12/18 22:32:03 $
+$Date: 2020/02/24 16:51:46 $
 <!-- timestamp end -->
 </p>
 </div>

Index: proprietary.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary.html,v
retrieving revision 1.202
retrieving revision 1.203
diff -u -b -r1.202 -r1.203
--- proprietary.html    17 Feb 2020 08:11:51 -0000      1.202
+++ proprietary.html    24 Feb 2020 16:51:46 -0000      1.203
@@ -173,16 +173,18 @@
 <h3 id="latest">Latest additions</h3>
 
 <ul class="blurbs">
-  <li id="M202002020">
-    <p>Many Android apps fool their users by asking
-    them to decide what permissions to give the program, and then <a
-    
href="https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/";>
-    bypassing these permissions</a>.</p>
-
-    <p>The Android system is supposed to prevent data leaks by running apps
-    in isolated sandboxes, but developers have found ways to access the
-    data by other means, and there is nothing the user can do to stop
-    them from doing so, since both the system and the apps are nonfree.</p>
+  <li id="M201911190">
+    <p>Internet-tethered Amazon Ring had
+    a security vulnerability that enabled attackers to <a
+    
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password";>
+    access the user's wifi password</a>, and snoop on the household
+    through connected surveillance devices.</p>
+
+    <p>Knowledge of the wifi password would not be sufficient to carry
+    out any significant surveillance if the devices implemented proper
+    security, including encryption. But many devices with proprietary
+    software lack this. Of course, they are also used by their
+    manufacturers for snooping.</p>
   </li>
 
   <li id="M201912220">
@@ -207,6 +209,18 @@
     additional malware (the system itself being the original malware).</p>
   </li>
 
+  <li id="M202002020">
+    <p>Many Android apps fool their users by asking
+    them to decide what permissions to give the program, and then <a
+    
href="https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/";>
+    bypassing these permissions</a>.</p>
+
+    <p>The Android system is supposed to prevent data leaks by running apps
+    in isolated sandboxes, but developers have found ways to access the
+    data by other means, and there is nothing the user can do to stop
+    them from doing so, since both the system and the apps are nonfree.</p>
+  </li>
+
   <li id="M201912171">
     <p>Most modern cars now <a
     href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html";>
@@ -215,16 +229,6 @@
     cracking the car's computer, which is always hidden and running with
     proprietary software.</p>
   </li>
-
-  <li id="M201912090">
-    <p>iMonsters and Android phones,
-    when used for work, give employers powerful <a
-    
href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy";>
-    snooping and sabotage capabilities</a> if they install their own
-    software on the device.  Many employers demand to do this.  For the
-    employee, this is simply nonfree software, as fundamentally unjust
-    and as dangerous as any other nonfree software.</p>
-  </li>
 </ul>
 
 </div>
@@ -286,7 +290,7 @@
 
 <p class="unprintable">Updated:
 <!-- timestamp start -->
-$Date: 2020/02/17 08:11:51 $
+$Date: 2020/02/24 16:51:46 $
 <!-- timestamp end -->
 </p>
 </div>

Index: proprietary-surveillance.html
===================================================================
RCS file: /webcvs/www/www/proprietary/proprietary-surveillance.html,v
retrieving revision 1.313
retrieving revision 1.314
diff -u -b -r1.313 -r1.314
--- proprietary-surveillance.html       21 Feb 2020 23:13:34 -0000      1.313
+++ proprietary-surveillance.html       24 Feb 2020 16:51:46 -0000      1.314
@@ -1964,6 +1964,20 @@
 </div>
 
 <ul class="blurbs">
+  <li id="M201911190">
+    <p>Internet-tethered Amazon Ring had
+    a security vulnerability that enabled attackers to <a
+    
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password";>
+    access the user's wifi password</a>, and snoop on the household
+    through connected surveillance devices.</p>
+
+    <p>Knowledge of the wifi password would not be sufficient to carry
+    out any significant surveillance if the devices implemented proper
+    security, including encryption. But many devices with proprietary
+    software lack this. Of course, they are also used by their
+    manufacturers for snooping.</p>
+  </li>
+
   <li id="M201907210">
     <p>Google &ldquo;Assistant&rdquo; records users' conversations <a
     
href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/";>even
@@ -2583,7 +2597,7 @@
 
 <p class="unprintable">Updated:
 <!-- timestamp start -->
-$Date: 2020/02/21 23:13:34 $
+$Date: 2020/02/24 16:51:46 $
 <!-- timestamp end -->
 </p>
 </div>

Index: malware-appliances.html
===================================================================
RCS file: /webcvs/www/www/proprietary/malware-appliances.html,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -b -r1.86 -r1.87
--- malware-appliances.html     18 Dec 2019 22:32:03 -0000      1.86
+++ malware-appliances.html     24 Feb 2020 16:51:46 -0000      1.87
@@ -59,6 +59,20 @@
     its camera, speakers and microphones</a>.</p>
   </li>
 
+  <li id="M201911190">
+    <p>Internet-tethered Amazon Ring had
+    a security vulnerability that enabled attackers to <a
+    
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password";>
+    access the user's wifi password</a>, and snoop on the household
+    through connected surveillance devices.</p>
+
+    <p>Knowledge of the wifi password would not be sufficient to carry
+    out any significant surveillance if the devices implemented proper
+    security, including encryption. But many devices with proprietary
+    software lack this. Of course, they are also used by their
+    manufacturers for snooping.</p>
+  </li>
+
   <li id="M201904260">
     <p>The Jibo robot toys were tethered to the manufacturer's server,
     and <a href="https://www.apnews.com/99c9ec8ebad242ca88178e22c7642648";>
@@ -940,7 +954,7 @@
 
 <p class="unprintable">Updated:
 <!-- timestamp start -->
-$Date: 2019/12/18 22:32:03 $
+$Date: 2020/02/24 16:51:46 $
 <!-- timestamp end -->
 </p>
 </div>

Index: workshop/mal.rec
===================================================================
RCS file: /webcvs/www/www/proprietary/workshop/mal.rec,v
retrieving revision 1.189
retrieving revision 1.190
diff -u -b -r1.189 -r1.190
--- workshop/mal.rec    21 Feb 2020 23:13:34 -0000      1.189
+++ workshop/mal.rec    24 Feb 2020 16:51:46 -0000      1.190
@@ -25,6 +25,27 @@
 ####    Please don't remove the blank line after this marker!    ####
 # ADD NEW BLURB HERE
 
+Added: 2020-02-24
+Id: 201911190
+RT: www-discuss 2020-02-22 (Amazon Ring neighborhood-surveillance
+cameras...)
+PubDate: 2019-11-19
+Target: proprietary-surveillance.html SpywareAtHome
+Target: proprietary-insecurity.html proprietary-insecurity
+Target: malware-appliances.html malware-appliances
+Keywords:
+Blurb: <p>Internet-tethered Amazon Ring had
++   a security vulnerability that enabled attackers to <a
++   
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password";>
++   access the user's wifi password</a>, and snoop on the household
++   through connected surveillance devices.</p>
++
++   <p>Knowledge of the wifi password would not be sufficient to carry
++   out any significant surveillance if the devices implemented proper
++   security, including encryption. But many devices with proprietary
++   software lack this. Of course, they are also used by their
++   manufacturers for snooping.</p>
+
 Added: 2020-02-17
 Id: 201912190
 RT: www-discuss 2020-02-15 (malware)
[Prev in Thread]
Current Thread
[Next in Thread]
www/proprietary proprietary-insecurity.html pro..., Therese Godefroy <=
Prev by Date: www/software recent-releases-include.pt-br.html...
Next by Date: www/proprietary malware-appliances.html proprie...
Previous by thread: www/software recent-releases-include.pt-br.html...
Next by thread: www/proprietary malware-appliances.html proprie...
Index(es):
- Date
- Thread