proprietary-insecurity.ja.po
#score: 5143
@digest: 39f88912f6b4fd0211ced965809fc9d3
@id: 400380
@mdate: 2024-03-26T14:24:04Z
@size: 68121
@type: text/html
content-type: text/html; charset=utf-8
proprietary-insecurity.ja.po Mismatched links: 141. Mismatched ids: 0. # text 17 UEFI makes computers <a href=" https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/ "> vulnerable to advanced persistent threats</a> that are almost impossible to detect once installed. Here are <a href=" https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/ "> technical details</a>. 21 <a href=" /proprietary/uhd-bluray-denies-your-freedom.html ">UHD Blu-ray disks are loaded with malware of the worst kinds</a>. Among other things, playing them on a PC requires Intel SGX (Software Guard Extensions), which not only has numerous security vulnerabilities, but also was deprecated and removed from mainstream Intel CPUs in 2022. 22 <a href=" https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/ ">x86 and ARM based computers shipped with UEFI are potentially vulnerable to a design omission called LogoFAIL</a>. A cracker can replace the BIOS logo with a fake one that contains malicious code. Users can't fix this omission because it is in the nonfree UEFI firmware that users can't replace. 23 Hackers discovered <a href=" https://samcurry.net/web-hackers-vs-the-auto-industry/ "> dozens of flaws in the security (in the usual narrow sense) of many brands of automobiles</a>. 25 <a href=" https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/ "> The Microsoft Office encryption is weak</a>, and susceptible to attack. 27 A security researcher found that the iOS in-app browser of TikTok <a href=" https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows "> injects keylogger-like JavaScript code into outside web pages</a>. 
This code has the ability to track all users' activities, and to retrieve any personal data that is entered on the pages. We have no way of verifying TikTok's claim that the keylogger-like code only serves purely technical functions. Some of the accessed data could well be saved to the company's servers, and even sent to third parties. This would open the door to extensive surveillance, including by the Chinese government (to which TikTok has indirect ties). There is also a risk that the data would be stolen by crackers, and used to launch malware attacks. 28 The iOS in-app browsers of Instagram and Facebook behave essentially the same way as TikTok's. The main difference is that Instagram and Facebook allow users to access third-party sites with their default browser, whereas <a href=" https://web.archive.org/web/20221201065621/https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/ "> TikTok makes it nearly impossible</a>. 31 A bug in Tesla cars software <a href=" https://www.tweaktown.com/news/86780/new-app-allows-hackers-to-steal-teslas-by-making-their-own-keys/index.html "> lets crackers install new car keys</a>, unlock cars, start engines, and even prevent real owners from accessing their cars. 32 A cracker even reported that he was able to <a href=" https://fortune.com/2022/01/12/teen-hacker-david-colombo-took-control-25-tesla-ev/ "> disable security systems and take control of 25 cars</a>. 33 <small>Please note that these articles wrongly use the word &ldquo;<a href=" /philosophy/words-to-avoid.html#Hacker ">hacker</a>&rdquo; instead of cracker.</small> 34 A security failure in Microsoft's Windows is <a href=" https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/ ">infecting people's computers with RedLine stealer malware</a> using a fake Windows 11 upgrade installer. 
35 A critical bug in Apple's iOS makes it possible for attackers to alter a shutdown event, <a href=" https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/ ">tricking the user into thinking that the phone has been powered off</a>. But in fact, it's still running, and the user can't feel any difference between a real shutdown and the fake shutdown. 36 Hundreds of Tesla drivers <a href=" https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises ">were locked out of their cars as a result of Tesla's app suffering from an outage</a>, which happened because the app is tethered to the company's servers. 37 Some researchers at Google <a href=" https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users ">found a zero-day vulnerability on MacOS, which crackers used to target people visiting the websites</a> of a media outlet and a pro-democracy labor and political group in Hong Kong. 38 <small>Please note that the article wrongly refers to crackers as &ldquo;<a href=" /philosophy/words-to-avoid.html#Hacker ">hackers</a>&rdquo;.</small> 39 Various models of security cameras, DVRs, and baby monitors that run proprietary software <a href=" https://www.wired.com/story/kalay-iot-bug-video-feeds/ ">are affected by a security vulnerability that could give attackers access to live feeds</a>. 40 <a href=" https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones "> The pegasus spyware used vulnerabilities on proprietary smartphone operating systems</a> to impose surveillance on people. It can record people's calls, copy their messages, and secretly film them, using a security vulnerability. There's also <a href=" https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf "> a technical analysis of this spyware</a> available in PDF format. 
42 A newly found Microsoft Windows vulnerability <a href=" https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/ "> can allow crackers to remotely gain access to the operating system</a> and install programs, view and delete data, or even create new user accounts with full user rights. 44 <a href=" https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/ ">TikTok apps collect biometric identifiers and biometric information from users' smartphones</a>. The company behind it does whatever it wants and collects whatever data it can. 45 <a href=" https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/ ">Apple is moving its Chinese customers' iCloud data to a datacenter controlled by the Chinese government</a>. Apple is already storing the encryption keys on these servers, obeying Chinese authority, making all Chinese user data available to the government. 46 A motorcycle company named Klim is selling airbag vests with different payment methods, one of them is through a <a href=" https://www.vice.com/en/article/93yyyd/this-motorcycle-airbag-vest-will-stop-working-if-you-miss-a-payment ">proprietary subscription-based option that will block the vest from inflating if the payments don't go through</a>. 48 The United States' government is reportedly considering <a href=" https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/ ">teaming up with private companies to monitor American citizens' private online activity and digital communications</a>. 50 A zero-day vulnerability in Zoom which <a href=" https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ ">can be used to launch remote code execution (RCE) attacks</a> has been disclosed by researchers. 
The researchers demonstrated a three-bug attack chain that caused an RCE on a target machine, all without any form of user interaction. 51 <a href=" https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams ">Over 150 thousand security cameras that used Verkada company's proprietary software are cracked</a> by a major security breach. Crackers have had access to security archives of various gyms, hospitals, jails, schools, and police stations that have used Verkada's cameras. 52 <a href=" /philosophy/surveillance-vs-democracy.html ">It is an injustice to the public</a> for gyms, stores, hospitals, jails, and schools to hand &ldquo;security&rdquo; footage to a company from which the government can collect it at any time, without even telling them. 53 At least 30 thousand organizations in the United States are newly &ldquo;<a href=" /philosophy/words-to-avoid.html#Hacker ">cracked</a>&rdquo; via <a href=" https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/ ">holes in Microsoft's proprietary email software, named Microsoft 365</a>. It is unclear whether there are other holes and vulnerabilities in the program or not, but history and experience tell us it wouldn't be the last disaster with proprietary programs. 54 Researchers at the security firm SentinelOne discovered a <a href=" https://www.wired.com/story/windows-defender-vulnerability-twelve-years/ ">security flaw in proprietary program Microsoft Windows Defender that lurked undetected for 12 years</a>. If the program were free (as in freedom), more people would have had a chance to notice the problem, so it could have been fixed a lot sooner. 55 A cracker <a href=" https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom ">took control of people's internet-connected chastity cages and demanded ransom</a>. 
The chastity cages are being controlled by a proprietary app (mobile program). 56 <small>(Please note that the article wrongly refers to crackers as "<a href=" /philosophy/words-to-avoid.html#Hacker ">hackers</a>".)</small> 57 Commercial crackware can <a href=" https://www.theguardian.com/technology/2020/dec/20/iphones-vulnerable-to-hacking-tool-for-months-researchers-say "> get passwords out of an iMonster</a>, use the microphone and camera, and do other things. 58 <a href=" https://www.washingtonpost.com/technology/2020/12/18/zoom-helped-china-surveillance/ "> A Zoom executive carried out snooping and censorship for the Chinese government</a>. 60 United States officials are facing one of the biggest crackings against them in years, when <a href=" https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department ">malicious code was sneaked into SolarWinds' proprietary software named Orion</a>. Crackers got access to networks when users downloaded a tainted software update. Crackers were able to monitor internal emails at some of the top agencies in the US. 61 Baidu apps were <a href=" https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/ "> caught collecting sensitive personal data</a> that can be used for lifetime tracking of users, and putting them in danger. More than 1.4 billion people worldwide are affected by these proprietary apps, and users' privacy is jeopardized by this surveillance tool. Data collected by Baidu may be handed over to the Chinese government, possibly putting Chinese people in danger. 62 Some Wavelink and JetStream wifi routers have universal back doors that enable unauthenticated users to remotely control not only the routers, but also any devices connected to the network. 
There is evidence that <a href=" https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/ "> this vulnerability is actively exploited</a>. 63 If you consider buying a router, we encourage you to get one that <a href=" https://ryf.fsf.org/categories/routers ">runs on free software</a>. Any attempts at introducing malicious functionalities in it (e.g., through a firmware update) will be detected by the community, and soon corrected. 64 If unfortunately you own a router that runs on proprietary software, don't panic! You may be able to replace its firmware with a free operating system such as <a href=" https://librecmc.org ">libreCMC</a>. If you don't know how, you can get help from a nearby GNU/Linux user group. 65 Apple has <a href=" https://sneak.berlin/20201112/your-computer-isnt-yours/ ">implemented malware in its computers that imposes surveillance</a> on users and reports users' computing to Apple. 67 Samsung is forcing its smartphone users in Hong Kong (and Macau) <a href=" https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/ ">to use a public DNS in Mainland China</a>, using a software update released in September 2020, which causes much unease and many privacy concerns. 68 TikTok <a href=" https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html "> exploited an Android vulnerability</a> to obtain user MAC addresses. 69 <a href=" https://www.wired.com/story/ripple20-iot-vulnerabilities/ "> A disastrous security bug</a> touches millions of products in the Internet of Stings. 
71 The proprietary program Microsoft Teams' insecurity <a href=" https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif/ ">could have let a malicious GIF steal user data from Microsoft Teams accounts</a>, possibly across an entire company, and taken control of &ldquo;an organization's entire roster of Teams accounts.&rdquo; 72 Riot Games' new anti-cheat is malware; <a href=" https://www.extremetech.com/gaming/309320-riot-games-new-anti-cheat-system-runs-at-system-boot-uses-kernel-driver ">runs on system boot at kernel level</a> on Windows. It is insecure software that increases the attack surface of the operating system. 73 Internet-tethered Amazon Ring had a security vulnerability that enabled attackers to <a href=" https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password "> access the user's wifi password</a>, and snoop on the household through connected surveillance devices. 75 A series of vulnerabilities <a href=" https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/ ">found in iOS allowed attackers to gain access to sensitive information including private messages, passwords, photos and contacts stored on the user's iMonster</a>. 77 Out of 21 gratis Android antivirus apps that were tested by security researchers, eight <a href=" https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/ "> failed to detect a test virus</a>. All of them asked for dangerous permissions or contained advertising trackers, with seven being more risky than the average of the 100 most popular Android apps. 79 Many Android apps can track users' movements even when the user says <a href=" https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location "> not to allow them access to locations</a>. 
81 Users caught in the jail of an iMonster are <a href=" https://boingboing.net/2019/05/15/brittle-security.html "> sitting ducks for other attackers</a>, and the app censorship prevents security companies from figuring out how those attacks work. 83 The Medtronics Conexus Telemetry Protocol has <a href=" https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/ "> two vulnerabilities that affect several models of implantable defibrillators</a> and the devices they connect to. 85 The Ring doorbell camera is designed so that the manufacturer (now Amazon) can watch all the time. Now it turns out that <a href=" https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/ "> anyone else can also watch, and fake videos too</a>. 86 The third party vulnerability is presumably unintentional and Amazon will probably fix it. However, we do not expect Amazon to change the design that <a href=" /proprietary/proprietary-surveillance.html#M201901100 ">allows Amazon to watch</a>. 87 Researchers have discovered how to <a href=" https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co "> hide voice commands in other audio</a>, so that people cannot hear them, but Alexa and Siri can. 88 Since the beginning of 2017, <a href=" https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled ">Android phones have been collecting the addresses of nearby cellular towers</a>, even when location services are disabled, and sending that data back to Google. 89 Crackers found a way to break the security of an Amazon device, and <a href=" https://boingboing.net/2018/08/12/alexa-bob-carol.html "> turn it into a listening device</a> for them. 
91 <small>(These crackers are probably hackers too, but please <a href=" https://stallman.org/articles/on-hacking.html "> don't use &ldquo;hacking&rdquo; to mean &ldquo;breaking security&rdquo;</a>.)</small> 92 Siri, Alexa, and all the other voice-control systems can be <a href=" https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa "> hijacked by programs that play commands in ultrasound that humans can't hear</a>. 93 Some Samsung phones randomly <a href=" https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages ">send photos to people in the owner's contact list</a>. 94 One of the dangers of the &ldquo;internet of stings&rdquo; is that, if you lose your internet service, you also <a href=" https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/ "> lose control of your house and appliances</a>. 96 Intel's intentional &ldquo;management engine&rdquo; back door has <a href=" https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/ "> unintended back doors</a> too. 97 Amazon recently invited consumers to be suckers and <a href=" https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/ "> allow delivery staff to open their front doors</a>. Wouldn't you know it, the system has a grave security flaw. 98 Bad security in some cars makes it possible to <a href=" https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937 "> remotely activate the airbags</a>. 99 A &ldquo;smart&rdquo; intravenous pump designed for hospitals is connected to the internet. Naturally <a href=" https://www.techdirt.com/2017/09/22/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack/ "> its security has been cracked</a>. 
100 <small>(Note that this article misuses the term <a href=" /philosophy/words-to-avoid.html#Hacker ">&ldquo;hackers&rdquo;</a> referring to crackers.)</small> 101 The bad security in many Internet of Stings devices allows <a href=" https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/ ">ISPs to snoop on the people that use them</a>. 103 <small>(It is unfortunate that the article uses the term <a href=" /philosophy/words-to-avoid.html#Monetize ">&ldquo;monetize&rdquo;</a>.)</small> 104 Many models of Internet-connected cameras <a href=" /proprietary/proprietary-back-doors.html#InternetCameraBackDoor "> have backdoors</a>. 105 That is a malicious functionality, but in addition it is a gross insecurity since anyone, including malicious crackers, <a href=" https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/ ">can find those accounts and use them to get into users' cameras</a>. 106 Many models of Internet-connected cameras are tremendously insecure. They have login accounts with hard-coded passwords, which can't be changed, and <a href=" https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/ ">there is no way to delete these accounts either</a>. 107 Intel's CPU backdoor&mdash;the Intel Management Engine&mdash;had a <a href=" https://arstechnica.com/information-technology/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/ ">major security vulnerability for 10 years</a>. 108 The vulnerability allowed a cracker to access the computer's Intel Active Management Technology (AMT) <a href=" https://arstechnica.com/information-technology/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/ "> web interface with an empty password and gave administrative access</a> to access the computer's keyboard, mouse, monitor among other privileges. 
110 The proprietary code that runs pacemakers, insulin pumps, and other medical devices is <a href=" https://www.bbc.com/news/technology-40042584 "> full of gross security faults</a>. 111 Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) pre-installed on 28 models of HP laptops logged the user's keystroke to a file in the filesystem. Any process with access to the filesystem or the MapViewOfFile API could gain access to the log. Furthermore, <a href=" https://modzero.com/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html ">according to modzero</a> the &ldquo;information-leak via Covert Storage Channel enables malware authors to capture keystrokes without taking the risk of being classified as malicious task by AV heuristics&rdquo;. 112 Exploits of bugs in Windows, which were developed by the NSA and then leaked by the Shadowbrokers group, are now being used to <a href=" https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/ ">attack a great number of Windows computers with ransomware</a>. 113 Many Android devices <a href=" https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/ "> can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's nonfree firmware. 114 When Miele's Internet of Stings hospital disinfectant dishwasher is <a href=" https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit "> connected to the Internet, its security is crap</a>. 116 The CIA exploited existing vulnerabilities in &ldquo;smart&rdquo; TVs and phones to design a malware that <a href=" https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html "> spies through their microphones and cameras while making them appear to be turned off</a>. 
Since the spyware sniffs signals, it bypasses encryption. 117 &ldquo;CloudPets&rdquo; toys with microphones <a href=" https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults "> leak children's conversations to the manufacturer</a>. Guess what? <a href=" https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings "> Crackers found a way to access the data</a> collected by the manufacturer's snooping. 119 If you buy a used &ldquo;smart&rdquo; car, house, TV, refrigerator, etc., usually <a href=" https://boingboing.net/2017/02/20/the-previous-owners-of-used.html ">the previous owners can still remotely control it</a>. 120 The mobile apps for communicating <a href=" https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/ ">with a smart but foolish car have very bad security</a>. 122 A cracker would be able to <a href=" https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/ "> turn the Oculus Rift sensors into spy cameras</a> after breaking into the computer they are connected to. 123 <small>(Unfortunately, the article <a href=" /philosophy/words-to-avoid.html#Hacker ">improperly refers to crackers as &ldquo;hackers&rdquo;</a>.)</small> 124 Samsung phones <a href=" https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/ ">have a security hole that allows an SMS message to install ransomware</a>. 125 WhatsApp has a feature that <a href=" https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/ "> has been described as a &ldquo;back door&rdquo;</a> because it would enable governments to nullify its encryption. 
127 The &ldquo;smart&rdquo; toys My Friend Cayla and i-Que can be <a href=" https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/ ">remotely controlled with a mobile phone</a>; physical access is not necessary. This would enable crackers to listen in on a child's conversations, and even speak into the toys themselves. 129 4G LTE phone networks are drastically insecure. They can be <a href=" https://www.theregister.com/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ "> taken over by third parties and used for man-in-the-middle attacks</a>. 4G LTE mobile phone networks are thoroughly insecure. They can be <a href=" https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ ">taken over by third parties and used for man-in-the-middle attacks</a>. 130 Due to weak security, <a href=" https://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844 ">it is easy to open the doors of 100 million cars built by Volkswagen</a>. Due to weak security, <a href=" http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844 ">the doors of 1 million cars built by Volkswagen can be opened easily</a>. 132 A <a href=" https://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/ ">flaw in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft account credentials, if the user is tricked into visiting a malicious link. <a href=" http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/ ">A flaw in Internet Explorer and Edge</a> allows an attacker to obtain Microsoft account credentials if a user is tricked into visiting a malicious link. 134 A half-blind security critique of a tracking app: it found that <a href=" https://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats-a1100919965/ "> blatant flaws allowed anyone to snoop on a user's personal data</a>. 
The critique fails entirely to express concern that the app sends the personal data to a server, where the <em>developer</em> gets it all. This &ldquo;service&rdquo; is for suckers! A half-blind security critique of a tracking app: it found that <a href=" http://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats/ ">blatant flaws allow anyone to snoop on a user's personal data</a>. The critique fails entirely to express concern that the app sends the personal data to a server, where the <em>developer</em> gets it all. This &ldquo;service&rdquo; is for gullible people! 137 A bug in a proprietary ASN.1 library, used in cell phone towers as well as cell phones and routers, <a href=" https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/ ">allows taking control of those systems</a>. A bug in a proprietary ASN.1 library (used in cell phone towers, cell phones and routers) <a href=" http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover ">allows taking control of those systems</a>. 140 Samsung's &ldquo;Smart Home&rdquo; has a big security hole; <a href=" https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/ "> unauthorized people can remotely control it</a>. Samsung's &ldquo;Smart Home&rdquo; has a big security hole; <a href=" http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/ ">unauthorized people can operate it remotely</a>. 147 Many proprietary payment apps <a href=" https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data ">transmit personal data in an insecure way</a>. However, the worse aspect of these apps is that <a href="/philosophy/surveillance-vs-democracy.html">payment is not anonymous</a>. 
Many proprietary payment apps <a href=" http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data ">transmit personal data in an insecure way</a>. However, the worse aspect of these apps is that <a href="/philosophy/surveillance-vs-democracy.html">payment is not anonymous</a>. 151 A pacemaker running proprietary code <a href=" https://www.wired.com/2016/02/i-want-to-know-what-code-is-running-inside-my-body/ ">was misconfigured and could have killed the implanted person</a>. In order to find out what was wrong and get it fixed, the person needed to break into the remote device that sets parameters in the pacemaker (possibly infringing upon manufacturer's rights under the DMCA). If this system had run free software, it could have been fixed much sooner. 152 FitBit fitness trackers have a <a href=" https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/ "> Bluetooth vulnerability</a> that allows attackers to send malware to the devices, which can subsequently spread to computers and other FitBit trackers that interact with them. FitBit fitness trackers <a href=" http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/ ">have a Bluetooth vulnerability</a> that allowed attackers to send malware to the devices, which could then spread to computers and other FitBit trackers that communicate with them. 153 &ldquo;Self-encrypting&rdquo; disk drives do the encryption with proprietary firmware so you can't trust it. Western Digital's &ldquo;My Passport&rdquo; drives <a href=" https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption "> have a back door</a>. 
&ldquo;Self-encrypting&rdquo; disk drives do the encryption with proprietary firmware, so they cannot be trusted. Western Digital's &ldquo;My Passport&rdquo; drives have <a href=" https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption ">a back door</a>. 154 Security researchers discovered a <a href=" https://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text "> vulnerability in diagnostic dongles used for vehicle tracking and insurance</a> that let them take remote control of a car or lorry using an SMS. Security researchers discovered a <a href=" http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text ">vulnerability in diagnostic dongles used for vehicle tracking and insurance</a> and showed that a car or truck can be remotely controlled using an SMS. 155 Crackers were able to <a href=" https://arstechnica.com/information-technology/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/ "> take remote control of the Jeep</a> &ldquo;connected car&rdquo;. They could track the car, start or stop the engine, and activate or deactivate the brakes, and more. Crackers were able to <a href=" http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/ ">take remote control of the Jeep</a> called a &ldquo;connected car&rdquo;. They could track the car, start or stop the engine, apply or release the brakes, and so on. 158 Due to bad security in a drug pump, crackers could use it to <a href=" https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/ "> kill patients</a>. Due to poor security in a drug pump, it is thought that crackers could use it to <a href=" http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/ ">kill patients</a>. 159 <a href=" https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html "> Many smartphone apps use insecure authentication methods when storing your personal data on remote servers</a>. This leaves personal information like email addresses, passwords, and health information vulnerable. Because many of these apps are proprietary, it is hard or impossible to know which apps are at risk. 
<a href=" http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html ">Many smartphone apps use insecure authentication methods when storing personal data on remote servers</a>. This leaves personal information such as email addresses, passwords, and medical information vulnerable. Because many apps are proprietary, it is hard to know which apps are at risk.
163 An app to prevent &ldquo;identity theft&rdquo; (access to personal data) by storing users' data on a special server <a href=" https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/ ">was deactivated by its developer</a> which had discovered a security flaw.
An app to prevent &ldquo;identity theft&rdquo; (access to personal data) by putting users' data on a special server <a href=" http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/ ">was deactivated by its developer</a>, because a security flaw was discovered in the app itself.
165 Lots of <a href=" https://www.wired.com/2014/04/hospital-equipment-vulnerable/ "> hospital equipment has lousy security</a>, and it can be fatal.
<a href=" http://www.wired.com/2014/04/hospital-equipment-vulnerable/ ">Medical equipment is in a terrible state of security</a>, and this can be fatal.
166 The <a href=" https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/ ">insecurity of WhatsApp</a> makes eavesdropping a snap.
The <a href=" http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/ ">insecurity of WhatsApp</a> makes eavesdropping really easy.
167 <a href=" https://www.bunniestudios.com/blog/?p=3554 "> Some flash memories have modifiable software</a>, which makes them vulnerable to viruses.
<a href=" http://www.bunniestudios.com/blog/?p=3554 ">Some flash memories have modifiable software</a> and are vulnerable to viruses.
169 <a href=" https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/ "> Point-of-sale terminals running Windows were taken over</a> and turned into a botnet for the purpose of collecting customers' credit card numbers.
<a href=" http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/ ">Point-of-sale terminals running Windows were taken over (control of them was seized)</a> and turned into a botnet for the purpose of collecting customers' credit card numbers.
170 <a href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"> The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry</a>. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are <a href=" https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/ "> lots of bugs in the phones' radio software</a>.
<a href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">The NSA can snoop on data in smartphones, including iPhones, Android, and BlackBerry</a>. The details are unknown, but it does not seem to operate through the universal back door known to exist in nearly all mobile phones. It may involve exploiting various bugs. There are <a href=" http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone ">lots of bugs in the phones' radio software</a>.
171 <a href=" https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security ">The NSA has put back doors into nonfree encryption software</a>. We don't know which ones they are, but we can be sure they include some widely used systems. This reinforces the point that you can never trust the security of nonfree software.
<a href=" http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security ">The NSA put back doors into nonfree encryption software</a>. We do not know which ones they are, but it is certain that they are some widely used systems. This reinforces the point that you must never trust the security of nonfree software.
172 The FTC punished a company for making webcams with <a href=" https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html "> bad security so that it was easy for anyone to watch through them</a>.
The FTC punished a company that <a href=" http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html ">made webcams with bad security that anyone could easily watch through</a>.
174 It is possible to <a href=" https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/ "> kill people by taking control of medical implants by radio</a>. More information in <a href=" https://www.bbc.com/news/technology-17631838 ">BBC News</a> and <a href="https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/"> IOActive Labs Research blog</a>.
It is possible to <a href=" http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/ ">kill people by taking control of implanted medical devices by radio</a>. <a href=" http://www.bbc.co.uk/news/technology-17631838 ">More information is available here</a>, and <a href="https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/">here as well</a>.
175 <a href=" https://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/ "> &ldquo;Smart homes&rdquo;</a> turn out to be stupidly vulnerable to intrusion.
<a href=" http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/ ">“Smart homes”</a> turned out to be ridiculously vulnerable to intrusion.
176 <a href=" http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html "> Crackers found a way to break security on a &ldquo;smart&rdquo; TV</a> and use its camera to watch the people who are watching TV.
177 It is possible to <a href=" https://www.pcworld.com/article/495592/with_hacking_music_can_take_control_of_your_car.html "> take control of some car computers through malware in music files</a>. Also <a href=" https://www.nytimes.com/2011/03/10/business/10hack.html "> by radio</a>. More information in <a href="http://www.autosec.org/faq.html"> Automotive Security And Privacy Center</a>.
It is possible to <a href=" http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/ ">take control of some car computers through malware in music files</a>. Also <a href=" http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0 ">by radio</a>. <a href="http://www.autosec.org/faq.html">More information is available here</a>.
180 TODO: submitting -> contributing. Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating and contributing translations of this article.
We work hard to provide accurate, good quality translations, but they may sometimes be imperfect. Please send comments and suggestions regarding translations to <a href=" mailto:web-translators@gnu.org ">&lt;web-translators@gnu.org&gt;</a>.</p><p>For information on coordinating and submitting translations of our web pages, see the <a href="/server/standards/README.translations.html">Translations README</a>. ...
http://www.gnu.org/savannah-checkouts/gnu/gnun/reports/ja/proprietary/proprietary-insecurity.html