Results of 1 - 1 of about 725 for Android 12 (1.877 sec.)
android (2801), 12 (27795)
- proprietary-insecurity.it.po
- #score: 5143
- @digest: fd3551732baafeb93501329f5473538b
- @id: 400375
- @mdate: 2024-03-26T14:22:04Z
- @size: 87824
- @type: text/html
- content-type: text/html; charset=utf-8
- #keywords: arstechnica (56913), sicurezza (27625), crackers (20261), vulnerability (20253), hospital (18442), vulnerable (17118), security (14963), theguardian (13905), https (12519), cracker (12075), cameras (11957), href (10708), technology (10572), ldquo (10337), rdquo (9526), flaw (8311), researchers (8257), insecurity (7818), insecure (7720), phones (7601), hackers (7350), samsung (7310), smart (6353), mobile (6310), com (5840), remotely (5579), malware (5350), internet (5070), malicious (4918), hacker (4840), accounts (4610), encryption (4596)
- proprietary-insecurity.it.po Mismatched links: 155. Mismatched ids: 0. # text 17 UEFI makes computers <a href=" https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/ "> vulnerable to advanced persistent threats</a> that are almost impossible to detect once installed. Here are <a href=" https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/ "> technical details</a>. 21 <a href=" /proprietary/uhd-bluray-denies-your-freedom.html ">UHD Blu-ray disks are loaded with malware of the worst kinds</a>. Among other things, playing them on a PC requires Intel SGX (Software Guard Extensions), which not only has numerous security vulnerabilities, but also was deprecated and removed from mainstream Intel CPUs in 2022. 22 <a href=" https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/ ">x86 and ARM based computers shipped with UEFI are potentially vulnerable to a design omission called LogoFAIL</a>. A cracker can replace the BIOS logo with a fake one that contains malicious code. Users can't fix this omission because it is in the nonfree UEFI firmware that users can't replace. 23 Hackers discovered <a href=" https://samcurry.net/web-hackers-vs-the-auto-industry/ "> dozens of flaws in the security (in the usual narrow sense) of many brands of automobiles</a>. 25 <a href=" https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/ "> The Microsoft Office encryption is weak</a>, and susceptible to attack. 27 A security researcher found that the iOS in-app browser of TikTok <a href=" https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows "> injects keylogger-like JavaScript code into outside web pages</a>. This code has the ability to track all users' activities, and to retrieve any personal data that is entered on the pages. We have no way of verifying TikTok's claim that the keylogger-like code only serves purely technical functions. Some of the accessed data could well be saved to the company's servers, and even sent to third parties. This would open the door to extensive surveillance, including by the Chinese government (to which TikTok has indirect ties). There is also a risk that the data would be stolen by crackers, and used to launch malware attacks. 28 The iOS in-app browsers of Instagram and Facebook behave essentially the same way as TikTok's. The main difference is that Instagram and Facebook allow users to access third-party sites with their default browser, whereas <a href=" https://web.archive.org/web/20221201065621/https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/ "> TikTok makes it nearly impossible</a>. 31 A bug in Tesla cars software <a href=" https://www.tweaktown.com/news/86780/new-app-allows-hackers-to-steal-teslas-by-making-their-own-keys/index.html "> lets crackers install new car keys</a>, unlock cars, start engines, and even prevent real owners from accessing their cars. 32 A cracker even reported that he was able to <a href=" https://fortune.com/2022/01/12/teen-hacker-david-colombo-took-control-25-tesla-ev/ "> disable security systems and take control of 25 cars</a>. 33 <small>Please note that these articles wrongly use the word “<a href=" /philosophy/words-to-avoid.html#Hacker ">hacker</a>” instead of cracker.</small> 34 A security failure in Microsoft's Windows is <a href=" https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/ ">infecting people's computers with RedLine stealer malware</a> using a fake Windows 11 upgrade installer. 35 A critical bug in Apple's iOS makes it possible for attackers to alter a shutdown event, <a href=" https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/ ">tricking the user into thinking that the phone has been powered off</a>. But in fact, it's still running, and the user can't feel any difference between a real shutdown and the fake shutdown. 36 Hundreds of Tesla drivers <a href=" https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises ">were locked out of their cars as a result of Tesla's app suffering from an outage</a>, which happened because the app is tethered to the company's servers. 37 Some researchers at Google <a href=" https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users ">found a zero-day vulnerability on MacOS, which crackers used to target people visiting the websites</a> of a media outlet and a pro-democracy labor and political group in Hong Kong. 38 <small>Please note that the article wrongly refers to crackers as “<a href=" /philosophy/words-to-avoid.html#Hacker ">hackers</a>”.</small> 39 Various models of security cameras, DVRs, and baby monitors that run proprietary software <a href=" https://www.wired.com/story/kalay-iot-bug-video-feeds/ ">are affected by a security vulnerability that could give attackers access to live feeds</a>. 40 <a href=" https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones "> The pegasus spyware used vulnerabilities on proprietary smartphone operating systems</a> to impose surveillance on people. It can record people's calls, copy their messages, and secretly film them, using a security vulnerability. There's also <a href=" https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf "> a technical analysis of this spyware</a> available in PDF format. 42 A newly found Microsoft Windows vulnerability <a href=" https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/ "> can allow crackers to remotely gain access to the operating system</a> and install programs, view and delete data, or even create new user accounts with full user rights. 44 <a href=" https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/ ">TikTok apps collect biometric identifiers and biometric information from users' smartphones</a>. The company behind it does whatever it wants and collects whatever data it can. 45 <a href=" https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/ ">Apple is moving its Chinese customers' iCloud data to a datacenter controlled by the Chinese government</a>. Apple is already storing the encryption keys on these servers, obeying Chinese authority, making all Chinese user data available to the government. 46 A motorcycle company named Klim is selling airbag vests with different payment methods, one of them is through a <a href=" https://www.vice.com/en/article/93yyyd/this-motorcycle-airbag-vest-will-stop-working-if-you-miss-a-payment ">proprietary subscription-based option that will block the vest from inflating if the payments don't go through</a>. 48 The United States' government is reportedly considering <a href=" https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/ ">teaming up with private companies to monitor American citizens' private online activity and digital communications</a>. 50 A zero-day vulnerability in Zoom which <a href=" https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ ">can be used to launch remote code execution (RCE) attacks</a> has been disclosed by researchers. The researchers demonstrated a three-bug attack chain that caused an RCE on a target machine, all this without any form of user interaction. 51 <a href=" https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams ">Over 150 thousand security cameras that used Verkada company's proprietary software are cracked</a> by a major security breach. Crackers have had access to security archives of various gyms, hospitals, jails, schools, and police stations that have used Verkada's cameras. 52 <a href=" /philosophy/surveillance-vs-democracy.html ">It is injustice to the public</a> for gyms, stores, hospitals, jails, and schools to hand “security” footage to a company from which the government can collect it at any time, without even telling them. 53 At least 30 thousand organizations in the United States are newly “<a href=" /philosophy/words-to-avoid.html#Hacker ">cracked</a>” via <a href=" https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/ ">holes in Microsoft's proprietary email software, named Microsoft 365</a>. It is unclear whether there are other holes and vulnerabilities in the program or not but history and experience tells us it wouldn't be the last disaster with proprietary programs. 54 Researchers at the security firm SentinelOne discovered a <a href=" https://www.wired.com/story/windows-defender-vulnerability-twelve-years/ ">security flaw in proprietary program Microsoft Windows Defender that lurked undetected for 12 years</a>. If the program was free (as in freedom), more people would have had a chance to notice the problem, therefore, it could've been fixed a lot sooner. 55 A cracker <a href=" https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom ">took control of people's internet-connected chastity cages and demanded ransom</a>. The chastity cages are being controlled by a proprietary app (mobile program). 56 <small>(Please note that the article wrongly refers to crackers as "<a href=" /philosophy/words-to-avoid.html#Hacker ">hackers</a>".)</small> 57 Commercial crackware can <a href=" https://www.theguardian.com/technology/2020/dec/20/iphones-vulnerable-to-hacking-tool-for-months-researchers-say "> get passwords out of an iMonster</a>, use the microphone and camera, and other things. 58 <a href=" https://www.washingtonpost.com/technology/2020/12/18/zoom-helped-china-surveillance/ "> A Zoom executive carried out snooping and censorship for the Chinese government</a>. 60 United States officials are facing one of biggest crackings against them in years, when <a href=" https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department ">malicious code was sneaked into SolarWinds' proprietary software named Orion</a>. Crackers got access to networks when users downloaded a tainted software update. Crackers were able to monitor internal emails at some of the top agencies in the US. 61 Baidu apps were <a href=" https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/ "> caught collecting sensitive personal data</a> that can be used for lifetime tracking of users, and putting them in danger. More than 1.4 billion people worldwide are affected by these proprietary apps, and users' privacy is jeopardized by this surveillance tool. Data collected by Baidu may be handed over to the Chinese government, possibly putting Chinese people in danger. 62 Some Wavelink and JetStream wifi routers have universal back doors that enable unauthenticated users to remotely control not only the routers, but also any devices connected to the network. There is evidence that <a href=" https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/ "> this vulnerability is actively exploited</a>. 63 If you consider buying a router, we encourage you to get one that <a href=" https://ryf.fsf.org/categories/routers ">runs on free software</a>. Any attempts at introducing malicious functionalities in it (e.g., through a firmware update) will be detected by the community, and soon corrected. 64 If unfortunately you own a router that runs on proprietary software, don't panic! You may be able to replace its firmware with a free operating system such as <a href=" https://librecmc.org ">libreCMC</a>. If you don't know how, you can get help from a nearby GNU/Linux user group. 65 Apple has <a href=" https://sneak.berlin/20201112/your-computer-isnt-yours/ ">implemented a malware in its computers that imposes surveillance</a> on users and reports users' computing to Apple. 67 Samsung is forcing its smartphone users in Hong Kong (and Macau) <a href=" https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/ ">to use a public DNS in Mainland China</a>, using software update released in September 2020, which causes many unease and privacy concerns. 68 TikTok <a href=" https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html "> exploited an Android vulnerability</a> to obtain user MAC addresses. 69 <a href=" https://www.wired.com/story/ripple20-iot-vulnerabilities/ "> A disasterous security bug</a> touches millions of products in the Internet of Stings. 71 The proprietary program Microsoft Teams' insecurity <a href=" https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif/ ">could have let a malicious GIF steal user data from Microsoft Teams accounts</a>, possibly across an entire company, and taken control of “an organization's entire roster of Teams accounts.” 72 Riot Games' new anti-cheat is malware; <a href=" https://www.extremetech.com/gaming/309320-riot-games-new-anti-cheat-system-runs-at-system-boot-uses-kernel-driver ">runs on system boot at kernel level</a> on Windows. It is insecure software that increases the attack surface of the operating system. 73 Internet-tethered Amazon Ring had a security vulnerability that enabled attackers to <a href=" https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password "> access the user's wifi password</a>, and snoop on the household through connected surveillance devices. 75 A series of vulnerabilities <a href=" https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/ ">found in iOS allowed attackers to gain access to sensitive information including private messages, passwords, photos and contacts stored on the user's iMonster</a>. 77 Out of 21 gratis Android antivirus apps that were tested by security researchers, eight <a href=" https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/ "> failed to detect a test virus</a>. All of them asked for dangerous permissions or contained advertising trackers, with seven being more risky than the average of the 100 most popular Android apps. 79 Many Android apps can track users' movements even when the user says <a href=" https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location "> not to allow them access to locations</a>. 81 Users caught in the jail of an iMonster are <a href=" https://boingboing.net/2019/05/15/brittle-security.html "> sitting ducks for other attackers</a>, and the app censorship prevents security companies from figuring out how those attacks work. 83 The Medtronics Conexus Telemetry Protocol has <a href=" https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/ "> two vulnerabilities that affect several models of implantable defibrillators</a> and the devices they connect to. 85 The Ring doorbell camera is designed so that the manufacturer (now Amazon) can watch all the time. Now it turns out that <a href=" https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/ "> anyone else can also watch, and fake videos too</a>. 86 The third party vulnerability is presumably unintentional and Amazon will probably fix it. However, we do not expect Amazon to change the design that <a href=" /proprietary/proprietary-surveillance.html#M201901100 ">allows Amazon to watch</a>. 87 Researchers have discovered how to <a href=" https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co "> hide voice commands in other audio</a>, so that people cannot hear them, but Alexa and Siri can. 88 Since the beginning of 2017, <a href=" https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled ">Android phones have been collecting the addresses of nearby cellular towers</a>, even when location services are disabled, and sending that data back to Google. 89 Crackers found a way to break the security of an Amazon device, and <a href=" https://boingboing.net/2018/08/12/alexa-bob-carol.html "> turn it into a listening device</a> for them. 91 <small>(These crackers are probably hackers too, but please <a href=" https://stallman.org/articles/on-hacking.html "> don't use “hacking” to mean “breaking security”</a>.)</small> 92 | Siri, Alexa, and all the other voice-control systems can be <a | [-href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">-] | {+href="https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">+} | hijacked by programs that play commands in ultrasound that humans can't | hear</a>. Siri, Alexa, and all the other voice-control systems can be <a href=" https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa "> hijacked by programs that play commands in ultrasound that humans can't hear</a>. Siri, Alexa e tutti gli altri sistemi comandati a voce possono essere <a href=" https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa ">controllati tramite programmi che usano ultrasuoni</a> che l'orecchio umano non percepisce. 93 Some Samsung phones randomly <a href=" https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages ">send photos to people in the owner's contact list</a>. 94 One of the dangers of the “internet of stings” is that, if you lose your internet service, you also <a href=" https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/ "> lose control of your house and appliances</a>. 96 Intel's intentional “management engine” back door has <a href=" https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/ "> unintended back doors</a> too. 97 Amazon recently invited consumers to be suckers and <a href=" https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/ "> allow delivery staff to open their front doors</a>. Wouldn't you know it, the system has a grave security flaw. 98 Bad security in some cars makes it possible to <a href=" https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937 "> remotely activate the airbags</a>. 99 A “smart” intravenous pump designed for hospitals is connected to the internet. Naturally <a href=" https://www.techdirt.com/2017/09/22/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack/ "> its security has been cracked</a>. 100 <small>(Note that this article misuses the term <a href=" /philosophy/words-to-avoid.html#Hacker ">“hackers”</a> referring to crackers.)</small> 101 The bad security in many Internet of Stings devices allows <a href=" https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/ ">ISPs to snoop on the people that use them</a>. 103 <small>(It is unfortunate that the article uses the term <a href=" /philosophy/words-to-avoid.html#Monetize ">“monetize”</a>.)</small> 105 | That is a malicious functionality, but in addition it is a gross | insecurity since anyone, including malicious crackers, <a | [-href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can-] | {+href="https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can+} | find those accounts and use them to get into users' cameras</a>. That is a malicious functionality, but in addition it is a gross insecurity since anyone, including malicious crackers, <a href=" https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/ ">can find those accounts and use them to get into users' cameras</a>. Questo è un grave problema di sicurezza: chiunque, compresi malintenzionati, può trovare quelle credenziali e <a href=" https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/ ">usarle per penetrare nelle telecamere degli utenti</a>. 106 | [-That is a malicious functionality, but in addition it is a gross | insecurity since anyone, including malicious crackers, <a | href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can | find those-]{+Many models of Internet-connected cameras are tremendously | insecure. They have login+} accounts {+with hard-coded passwords, which | can't be changed,+} and [-use them-] {+<a | href="https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">there | is no way+} to [-get into users' cameras</a>.-] {+delete these accounts | either</a>.+} Many models of Internet-connected cameras are tremendously insecure. They have login accounts with hard-coded passwords, which can't be changed, and <a href=" https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/ ">there is no way to delete these accounts either</a>. Questo è un grave problema di sicurezza: chiunque, compresi malintenzionati, può trovare quelle credenziali e <a href=" https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/ ">usarle per penetrare nelle telecamere degli utenti</a>. 107 | Intel's CPU backdoor—the Intel Management Engine—had a <a | [-href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major-] | {+href="https://arstechnica.com/information-technology/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major+} | security vulnerability for 10 years</a>. Intel's CPU backdoor—the Intel Management Engine—had a <a href=" https://arstechnica.com/information-technology/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/ ">major security vulnerability for 10 years</a>. La backdoor delle CPU Intel, nota come —the Intel Management Engine—, ha avuto una <a href=" https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/ ">grave falla di sicurezza durata 10 anni</a>. 108 | The vulnerability allowed a cracker to access the computer's Intel Active | Management Technology (AMT) <a | [-href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">-] | {+href="https://arstechnica.com/information-technology/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">+} | web interface with an empty password and gave administrative access</a> to | access the computer's keyboard, mouse, monitor among other privileges. The vulnerability allowed a cracker to access the computer's Intel Active Management Technology (AMT) <a href=" https://arstechnica.com/information-technology/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/ "> web interface with an empty password and gave administrative access</a> to access the computer's keyboard, mouse, monitor among other privileges. La vulnerabilità permetteva a un cracker di accedere all'interfaccia web di Intel Active Management Technology (AMT) senza password e di <a href=" https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/ "> ottenere accesso amministrativo</a> con accesso a tastiera, mouse, monitor e altri privilegi. 110 | The proprietary code that runs pacemakers, insulin pumps, and other | medical devices is <a | [-href="http://www.bbc.co.uk/news/technology-40042584">-] | {+href="https://www.bbc.com/news/technology-40042584">+} full of gross | security faults</a>. The proprietary code that runs pacemakers, insulin pumps, and other medical devices is <a href=" https://www.bbc.com/news/technology-40042584 "> full of gross security faults</a>. Il codice proprietario che fa funzionare pace-maker, pompe di insulina e altri dispositivi medici è <a href=" http://www.bbc.co.uk/news/technology-40042584 "> pieno di problemi di sicurezza</a>. 111 | Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) | pre-installed on 28 models of HP laptops logged the user's keystroke to a | file in the filesystem. Any process with access to the filesystem or the | MapViewOfFile API could gain access to the log. Furthermore, <a | [-href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according-] | {+href="https://modzero.com/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html">according+} | to modzero</a> the “information-leak via Covert Storage Channel | enables malware authors to capture keystrokes without taking the risk of | being classified as malicious task by AV heuristics”. Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) pre-installed on 28 models of HP laptops logged the user's keystroke to a file in the filesystem. Any process with access to the filesystem or the MapViewOfFile API could gain access to the log. Furthermore, <a href=" https://modzero.com/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html ">according to modzero</a> the “information-leak via Covert Storage Channel enables malware authors to capture keystrokes without taking the risk of being classified as malicious task by AV heuristics”. Il driver Conexant HD Audio (versione 1.0.0.46 e precedenti) pre-installato su 28 modelli di portatili HP scriveva su un file i tasti premuti dall'utente. Qualsiasi processo con accesso al filesystem o all'API MapViewOfFile poteva ottenere accesso al log. Inoltre, <a href=" https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt ">secondo modzero</a> l'uso di tecniche di tipo "Covert Storage Channel" permette agli autori di malware di trasmettere i tasti premuti senza correre il rischio di essere classificati come software pericoloso dai controlli euristici degli antivirus. 113 | Many Android devices <a | [-href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">-] | {+href="https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">+} | can be hijacked through their Wi-Fi chips</a> because of a bug in | Broadcom's non[---]free firmware. Many Android devices <a href=" https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/ "> can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's nonfree firmware. Molti dispositivi Android <a href=" https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/ "> possono essere violati tramite il chip Wi-Fi</a> a causa di un problema di sicurezza nel firmware non libero di Broadcom. 114 | When Miele's Internet of Stings hospital disinfectant dishwasher is <a | [-href="https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">connected-] | {+href="https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit"> | connected+} to the Internet, its security is crap</a>. When Miele's Internet of Stings hospital disinfectant dishwasher is <a href=" https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit "> connected to the Internet, its security is crap</a>. Quando la lavatrice di Miele per uso ospedaliero del tipo che chiamiamo "Internet of Stings" viene connessa ad Internet, <a href=" https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit ">la sua sicurezza è nulla</a>. 116 The CIA exploited existing vulnerabilities in “smart” TVs and phones to design a malware that <a href=" https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html "> spies through their microphones and cameras while making them appear to be turned off</a>. Since the spyware sniffs signals, it bypasses encryption. 117 | “CloudPets” toys with microphones <a | href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">{+ | +}leak childrens' conversations to the manufacturer</a>. Guess what? <a | [-href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers-] | {+href="https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings"> | Crackers+} found a way to access the data</a> collected by the | manufacturer's snooping. “CloudPets” toys with microphones <a href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults"> leak childrens' conversations to the manufacturer</a>. Guess what? <a href=" https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings "> Crackers found a way to access the data</a> collected by the manufacturer's snooping. I giochi con microfono “CloudPets” <a href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">forniscono all'azienda produttrice le conversazioni dei bambini</a>. E come c'era da aspettarsi <a href=" https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings ">i malintenzionati possono accedere ai dati</a> raccolti da questa operazione di spionaggio. 119 | If you buy a used “smart” car, house, TV, refrigerator, etc., | usually <a | href="http{+s+}://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the | previous owners can still remotely control it</a>. If you buy a used “smart” car, house, TV, refrigerator, etc., usually <a href=" https://boingboing.net/2017/02/20/the-previous-owners-of-used.html ">the previous owners can still remotely control it</a>. Se acquistate un'auto, casa, TV, frigorifero di tipo "smart" da altri, solitamente <a href=" http://boingboing.net/2017/02/20/the-previous-owners-of-used.html ">il proprietario precedente può ancora controllarla da remoto</a>. 122 A cracker would be able to <a href=" https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/ "> turn the Oculus Rift sensors into spy cameras</a> after breaking into the computer they are connected to. 123 <small>(Unfortunately, the article <a href=" /philosophy/words-to-avoid.html#Hacker ">improperly refers to crackers as “hackers”</a>.)</small> 127 | The “smart” toys My Friend Cayla and i-Que can be <a | href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws{+/+}">remotely | controlled with a mobile phone</a>; physical access is not necessary. This | would enable crackers to listen in on a child's conversations, and even | speak into the toys themselves. The “smart” toys My Friend Cayla and i-Que can be <a href=" https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/ ">remotely controlled with a mobile phone</a>; physical access is not necessary. This would enable crackers to listen in on a child's conversations, and even speak into the toys themselves. I giocattoli “smart” My Friend Cayla and i-Que possono essere <a href=" https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws ">controllati da remoto con un telefono cellulare</a>; non è necessario l'accesso fisico. Questo permetterebbe ai malintenzionati di ascoltare le conversazioni di un bambino e persino di parlare attraverso i giocattoli. 129 | 4G LTE phone networks are drastically insecure. They can be <a | [-href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">-] | {+href="https://www.theregister.com/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">+} | taken over by third parties and used for man-in-the-middle attacks</a>. 4G LTE phone networks are drastically insecure. They can be <a href=" https://www.theregister.com/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ "> taken over by third parties and used for man-in-the-middle attacks</a>. Le reti telefoniche cellulari di tipo 4G LTE sono insicure. Possono essere <a href=" https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ "> controllate da terze parti</a> e usate per attacchi di tipo "man in the middle". 130 | Due to weak security, <a | href="http{+s+}://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it | is easy to open the doors of 100 million cars built by Volkswagen</a>. Due to weak security, <a href=" https://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844 ">it is easy to open the doors of 100 million cars built by Volkswagen</a>. Per carenze di sicurezza <a href=" http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844 ">è facile aprire le porte di 100 milioni di auto costruite da Volkswagen</a>. 131 | Ransomware <a | [-href="https://www.pentestpartners.com/blog/thermostat-ransomware-a-lesson-in-iot-security/">has-] | {+href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/"> | has+} been developed for a thermostat that uses proprietary software</a>. Ransomware <a href=" https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/ "> has been developed for a thermostat that uses proprietary software</a>. È stato sviluppato ransomware <a href=" https://www.pentestpartners.com/blog/thermostat-ransomware-a-lesson-in-iot-security/ ">per un termostato che usa software proprietario</a>. 132 | A <a | href="http{+s+}://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw | in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft | account credentials, if the user is tricked into visiting a malicious link. A <a href=" https://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/ ">flaw in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft account credentials, if the user is tricked into visiting a malicious link. Un <a href=" http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/ ">bug di Internet Explorer ed Edge</a> permette a un malintenzionato di ottenere le credenziali dell'account Microsoft dell'utente, se riesce a fargli visitare un link opportunamente costruito. 134 | A half-blind security critique of a tracking app: it found that <a | [-href="http://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats/">-] | {+href="https://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats-a1100919965/">+} | blatant flaws allowed anyone to snoop on a user's personal data</a>. The | critique fails entirely to express concern that the app sends the personal | data to a server, where the <em>developer</em> gets it all. This | “service” is for suckers! A half-blind security critique of a tracking app: it found that <a href=" https://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats-a1100919965/ "> blatant flaws allowed anyone to snoop on a user's personal data</a>. The critique fails entirely to express concern that the app sends the personal data to a server, where the <em>developer</em> gets it all. This “service” is for suckers! Una revisione di sicurezza di una applicazione usata per il tracciamento ha trovato che alcuni bug <a href=" http://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats/ "> permettevano a tutti di spiare dati personali di un utente</a>. Il revisore non si mostra preoccupato del fatto che l'applicazione invii dati personali a un server dove lo <em>sviluppatore</em> li vede comunque tutti. Questo “servizio” è per perdenti! 137 | A bug in a proprietary ASN.1 library, used in cell phone towers as well as | cell phones and routers, <a | [-href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows-] | {+href="https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/">allows+} | taking control of those systems</a>. A bug in a proprietary ASN.1 library, used in cell phone towers as well as cell phones and routers, <a href=" https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/ ">allows taking control of those systems</a>. Un bug in una libreria proprietaria ASN.1, usata nelle torri di comunicazione per cellulari, nei cellulari stessi e nei router, <a href=" http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover ">permette di prendere il controllo di tali sistemi</a>. 140 | Samsung's “Smart Home” has a big security hole; <a | [-href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">unauthorized-] | {+href="https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/"> | unauthorized+} people can remotely control it</a>. Samsung's “Smart Home” has a big security hole; <a href=" https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/ "> unauthorized people can remotely control it</a>. La “Smart Home” di Samsung ha un grosso problema di sicurezza; <a href=" http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/ ">persone non autorizzate possono controllarla da remoto</a>. 147 | Many proprietary payment apps <a | [-href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data"> | transmit-] | {+href="https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">transmit+} | personal data in an insecure way</a>. However, the worse aspect of these | apps is that <a | href="/philosophy/surveillance-vs-democracy.html">payment is not | anonymous</a>. Many proprietary payment apps <a href=" https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data ">transmit personal data in an insecure way</a>. However, the worse aspect of these apps is that <a href="/philosophy/surveillance-vs-democracy.html">payment is not anonymous</a>. Molte applicazioni proprietarie per i pagamenti <a href=" http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data "> trasmettono dati personali in modo insicuro</a>. Tuttavia, il peggior aspetto di queste applicazioni è che <a href="/philosophy/surveillance-vs-democracy.html">i pagamenti non sono anonimi</a>. 151 A pacemaker running proprietary code <a href=" https://www.wired.com/2016/02/i-want-to-know-what-code-is-running-inside-my-body/ ">was misconfigured and could have killed the implanted person</a>. In order to find out what was wrong and get it fixed, the person needed to break into the remote device that sets parameters in the pacemaker (possibly infringing upon manufacturer's rights under the DMCA). If this system had run free software, it could have been fixed much sooner. 152 | FitBit fitness trackers [-<a | href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">-] | have a {+<a | href="https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">+} | Bluetooth vulnerability</a> that allows attackers to send malware to the | devices, which can subsequently spread to computers and other FitBit | trackers that interact with them. FitBit fitness trackers have a <a href=" https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/ "> Bluetooth vulnerability</a> that allows attackers to send malware to the devices, which can subsequently spread to computers and other FitBit trackers that interact with them. I braccialetti per il monitoraggio della forma fisica di FitBit hanno <a href=" http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/ "> una vulnerabilità Bluetooth</a> che permette ai malintenzionati di inviare malware ai dispositivi, che in seguito possono infettare computer e altri dispositivi simili con cui entrano in contatto. 153 | “Self-encrypting” disk drives do the encryption with | proprietary firmware so you can't trust it. Western Digital's “My | Passport” drives <a | [-href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have-] | {+href="https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"> | have+} a back door</a>. “Self-encrypting” disk drives do the encryption with proprietary firmware so you can't trust it. Western Digital's “My Passport” drives <a href=" https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption "> have a back door</a>. Le funzioni di “cifratura nativa” dei dischi usano firmware proprietario per cifrare, e sono pertanto inaffidabili. I dischi “My Passport” di Western Digital <a href=" https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption ">hanno una back door</a>. 154 | Security researchers discovered a <a | href="http{+s+}://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text"> | vulnerability in diagnostic dongles used for vehicle tracking and | insurance</a> that let them take remote control of a car or lorry using an | SMS. Security researchers discovered a <a href=" https://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text "> vulnerability in diagnostic dongles used for vehicle tracking and insurance</a> that let them take remote control of a car or lorry using an SMS. Alcuni ricercatori in materia di sicurezza hanno scoperto <a href=" http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text "> falle nei dispositivi diagnostici</a> usati per il monitoraggio e l'assicurazione dei veicoli e hanno dimostrato di poter prendere il controllo di un'auto o un camion con un semplice SMS. 155 | Crackers were able to <a | [-href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">take-] | {+href="https://arstechnica.com/information-technology/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/"> | take+} remote control of the Jeep</a> “connected car”. {+They | could track the car, start or stop the engine, and activate or deactivate | the brakes, and more.+} Crackers were able to <a href=" https://arstechnica.com/information-technology/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/ "> take remote control of the Jeep</a> “connected car”. They could track the car, start or stop the engine, and activate or deactivate the brakes, and more. Alcuni cracker sono riusciti a <a href=" http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/ ">prendere il controllo di un'auto</a> “connected car” Jeep. 158 | Due to bad security in a drug pump, crackers could use it to <a | [-href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">kill-] | {+href="https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/"> | kill+} patients</a>. Due to bad security in a drug pump, crackers could use it to <a href=" https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/ "> kill patients</a>. I criminali informatici potrebbero sfruttare problemi di sicurezza in un erogatore di farmaci per <a href=" http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/ ">uccidere pazienti</a>. 159 | <a | href="http{+s+}://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html"> | Many smartphone apps use insecure authentication methods when storing your | personal data on remote [-servers.</a>-] {+servers</a>.+} This leaves | personal information like email addresses, passwords, and health | information vulnerable. Because many of these apps are proprietary it | makes it hard to impossible to know which apps are at risk. <a href=" https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html "> Many smartphone apps use insecure authentication methods when storing your personal data on remote servers</a>. This leaves personal information like email addresses, passwords, and health information vulnerable. Because many of these apps are proprietary it makes it hard to impossible to know which apps are at risk. <a href=" http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html "> Molte applicazioni per smartphone usano metodi di autenticazione insicuri</a> quando memorizzano i dati personali dell'utente su server remoti rendendo così vulnerabili informazioni come indirizzi e-mail, password e informazioni sullo stato di salute. Dato che queste applicazioni sono proprietarie è impossibile sapere di preciso quali siano a rischio. 163 | An app to prevent “identity theft” (access to personal data) | by storing users' data on a special server <a | href="http{+s+}://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was | deactivated by its developer</a> which had discovered a security flaw. An app to prevent “identity theft” (access to personal data) by storing users' data on a special server <a href=" https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/ ">was deactivated by its developer</a> which had discovered a security flaw. Un'applicazione che per evitare il “furto di identità” (accesso a dati personali) caricava i dati degli utenti su un server speciale <a href=" http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/ ">è stata disattivata dal suo sviluppatore</a> dopo aver scoperto una falla di sicurezza. 165 | Lots of <a | [-href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">hospital-] | {+href="https://www.wired.com/2014/04/hospital-equipment-vulnerable/"> | hospital+} equipment has lousy security</a>, and it can be fatal. Lots of <a href=" https://www.wired.com/2014/04/hospital-equipment-vulnerable/ "> hospital equipment has lousy security</a>, and it can be fatal. Molte <a href=" http://www.wired.com/2014/04/hospital-equipment-vulnerable/ ">attrezzature ospedaliere hanno pessima sicurezza</a>, mettendo a rischio le vite dei pazienti. 166 | The <a | [-href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity-] | {+href="https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity+} | of WhatsApp</a> makes eavesdropping a snap. The <a href=" https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/ ">insecurity of WhatsApp</a> makes eavesdropping a snap. Grazie alla <a href=" http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/ ">scarsa sicurezza di WhatsApp</a>, intercettare è un gioco da ragazzi. 167 | <a href="http{+s+}://www.bunniestudios.com/blog/?p=3554"> Some flash | memories have modifiable software</a>, which makes them vulnerable to | viruses. <a href=" https://www.bunniestudios.com/blog/?p=3554 "> Some flash memories have modifiable software</a>, which makes them vulnerable to viruses. <a href=" http://www.bunniestudios.com/blog/?p=3554 ">Alcune memorie flash (come chiavette USB) contengono software modificabile</a> che le rende vulnerabile ai virus. 169 | <a | [-href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">-] | {+href="https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">+} | Point-of-sale terminals running Windows were taken [-over-] {+over</a>+} | and turned into a botnet for the purpose of collecting customers' credit | card [-numbers</a>.-] {+numbers.+} <a href=" https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/ "> Point-of-sale terminals running Windows were taken over</a> and turned into a botnet for the purpose of collecting customers' credit card numbers. <a href=" http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/ ">Alcuni punti di vendita basati su Windows sono stati compromessi e trasformati in una botnet adibita alla raccolta di numeri di carta di credito dei clienti</a>. 170 | <a | [-href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">-] | {+href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">+} | The NSA can tap data in smart phones, including iPhones, Android, and | BlackBerry</a>. While there is not much detail here, it seems that this | does not operate via the universal back door that we know nearly all | portable phones have. It may involve exploiting various bugs. There are | <a | [-href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">-] | {+href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/">+} | lots of bugs in the phones' radio software</a>. <a href=" https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html "> The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry</a>. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are <a href=" https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/ "> lots of bugs in the phones' radio software</a>. <a href=" http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html ">La NSA può intercettare dati in vari smartphone, tra cui iPhone, Android e BlackBerry</a>. Sebbene l'articolo non sia dettagliato a sufficienza, pare che questo non sia compiuto tramite la ben nota backdoor universale presente in tutti i telefoni cellulari. Potrebbe comportare lo sfruttamento di vari bug. Ci sono <a href=" http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone ">molti bug nei programmi di radiocomunicazione dei telefoni</a>. 171 | <a | href="http{+s+}://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security">The | NSA has put back doors into nonfree encryption [-software.</a>-] | {+software</a>.+} We don't know which ones they are, but we can be sure | they include some widely used systems. This reinforces the point that you | can never trust the security of nonfree software. <a href=" https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security ">The NSA has put back doors into nonfree encryption software</a>. We don't know which ones they are, but we can be sure they include some widely used systems. This reinforces the point that you can never trust the security of nonfree software. <a href=" http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security ">L'NSA ha inserito delle backdoor all'interno di programmi di crittografia non liberi</a>. Non sappiamo quali siano, ma siamo certi che includono alcuni dei sistemi più diffusi. Questo rafforza l'idea che non ci si possa fidare della sicurezza del software non libero. 172 | [-<a | href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">-]The | FTC punished a company for making webcams with {+<a | href="https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">+} | bad security so that it was easy for anyone to watch {+through+} them</a>. The FTC punished a company for making webcams with <a href=" https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html "> bad security so that it was easy for anyone to watch through them</a>. <a href=" http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html ">La FTC (Federal Trade Commission, l'agenzia di stato americana per la tutela dei consumatori) ha punito una società per aver creato webcam dalla sicurezza così scarsa da permettere a chiunque di usarle per spiare</a>. 174 | [-<a | href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">-]It | is possible to {+<a | href="https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">+} | kill people by taking control of medical implants by radio</a>. [-Here | is-] {+More information in+} <a | [-href="http://www.bbc.co.uk/news/technology-17631838">more | information</a>. And-] | {+href="https://www.bbc.com/news/technology-17631838">BBC News</a> and+} | <a | [-href="http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">here</a>.-] | {+href="https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/"> | IOActive Labs Research blog</a>.+} It is possible to <a href=" https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/ "> kill people by taking control of medical implants by radio</a>. More information in <a href=" https://www.bbc.com/news/technology-17631838 ">BBC News</a> and <a href=" https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/ "> IOActive Labs Research blog</a>. <a href=" http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/ ">È possibile uccidere la gente che fa uso di dispositivi medici prendendone il controllo via radio</a>. Per ulteriori informazioni, seguire <a href=" http://www.bbc.co.uk/news/technology-17631838 ">questo link</a> o <a href=" http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html ">quest'altro</a>. 175 | <a | href="http{+s+}://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/"> | “Smart homes”</a> turn out to be stupidly vulnerable to | intrusion. <a href=" https://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/ "> “Smart homes”</a> turn out to be stupidly vulnerable to intrusion. <a href=" http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/ ">Le “Smart home” (case intelligenti)</a> sono dimostrate essere estremamente vulnerabili all'effrazione. 177 | [-<a | href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">-]It | is possible to {+<a | href="https://www.pcworld.com/article/495592/with_hacking_music_can_take_control_of_your_car.html">+} | take control of some car computers through malware in music files</a>. | Also <a | [-href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">by-] | {+href="https://www.nytimes.com/2011/03/10/business/10hack.html"> by+} | radio</a>. [-Here is-] {+More information in+} <a | [-href="http://www.autosec.org/faq.html">more information</a>.-] | {+href="http://www.autosec.org/faq.html"> Automotive Security And | Privacy Center</a>.+} It is possible to <a href=" https://www.pcworld.com/article/495592/with_hacking_music_can_take_control_of_your_car.html "> take control of some car computers through malware in music files</a>. Also <a href=" https://www.nytimes.com/2011/03/10/business/10hack.html "> by radio</a>. More information in <a href="http://www.autosec.org/faq.html"> Automotive Security And Privacy Center</a>. <a href=" http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/ ">È possibile prendere il controllo dei computer di bordo di alcune automobili inserendo malware all'interno di file musicali</a>. O anche <a href=" http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0 ">via radio</a>. <a href="http://www.autosec.org/faq.html">Ulteriori informazioni</a>. 180 || No change detected. The change might only be in amounts of spaces. Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating and contributing translations of this article. Le traduzioni italiane sono effettuate ponendo la massima attenzione ai dettagli e alla qualità, ma a volte potrebbero contenere imperfezioni. Se ne riscontrate, inviate i vostri commenti e suggerimenti riguardo le traduzioni a <a href=" mailto:web-translators@gnu.org "><web-translators@gnu.org></a> oppure contattate direttamente il <a href=" http://savannah.gnu.org/projects/www-it/ ">gruppo dei traduttori italiani</a>.<br/>Per informazioni su come gestire e inviare traduzioni delle nostre pagine web consultate la <a href="/server/standards/README.translations.html">Guida alle traduzioni</a>. 182 | This page is licensed under a <a rel="license" | [-href="http://creativecommons.org/licenses/by-nd/4.0/">Creative-] | {+href="http://creativecommons.org/licenses/by/4.0/">Creative+} Commons | [-Attribution-NoDerivatives-] {+Attribution+} 4.0 International | License</a>. This page is licensed under a <a rel="license" href=" http://creativecommons.org/licenses/by/4.0/ ">Creative Commons Attribution 4.0 International License</a>. Questa pagina è distribuita secondo i termini della licenza <a rel="license" href=" http://creativecommons.org/licenses/by-nd/4.0/ ">Creative Commons Attribuzione - Non opere derivate 4.0 internazionale</a> (CC BY-ND 4.0).
...
-
http://www.gnu.org/savannah-checkouts/gnu/gnun/reports/it/proprietary/proprietary-insecurity.html
- [detail]
- [similar]
PREV
NEXT