[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
all.html malware-appliances.html malware-mobiles.html proprietary...
From: |
Diff Report |
Subject: |
all.html malware-appliances.html malware-mobiles.html proprietary... |
Date: |
Wed, 21 Sep 2022 00:02:50 -0400 |
Modified:
all.html
malware-appliances.html
malware-mobiles.html
proprietary.html
proprietary-insecurity.html
diff -rNU2 all.html all.html
--- all.html 2022-09-15 04:02:26.079269169 +0000
+++ all.html 2022-09-21 04:02:50.070787241 +0000
@@ -51,4 +51,33 @@
<ul class="blurbs">
+<!--#set var='ADD' value='2022-09-20' --><!--#set var='PUB' value='2022-08-24'
--><li><small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span> — Latest
reference: <span class="gnun-split"></span><!--#echo encoding='none' var='PUB'
--></small>
+ <p>A security researcher found that the iOS in-app browser of TikTok <a
+
href="https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows">
+ injects keylogger-like JavaScript code into outside web pages</a>. This
+ code has the ability to track all users' activities, and to
+ retrieve any personal data that is entered on the pages. We have
+ no way of verifying TikTok's claim that the keylogger-like code
+ only serves purely technical functions. Some of the accessed data
+ could well be saved to the company's servers, and even shared with
+ third parties. This would open the door to extensive surveillance,
+ including by the Chinese government (to which TikTok has indirect
+ ties). There is also a risk that the data would be stolen by crackers,
+ and used to launch malware attacks.</p>
+
+ <p>The iOS in-app browsers of Instagram and Facebook
+ behave essentially the same way as TikTok's. The main
+ difference is that Instagram and Facebook allow users
+ to access third-party sites with their default browser, whereas <a
+
href="https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/">
+ TikTok makes it nearly impossible</a>.</p>
+
+ <p>The researcher didn't study the Android versions of in-app
+ browsers, but we have no reason to assume they are safer than the
+ iOS versions.</p>
+
+ <p><small>Please note that the article wrongly refers
+ to crackers as “hackers.”</small></p>
+ </li>
+
<!--#set var='ADD' value='2022-09-14' --><!--#set var='PUB' value='2022-08-07'
--><li><small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span> — Latest
reference: <span class="gnun-split"></span><!--#echo encoding='none' var='PUB'
--></small>
<p>Some Epson printers are programmed to <a
@@ -2842,5 +2871,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/09/14 13:30:29 $
+$Date: 2022/09/20 10:25:18 $
<!-- timestamp end -->
</p>
diff -rNU2 malware-appliances.html malware-appliances.html
--- malware-appliances.html 2022-09-15 04:02:26.091269161 +0000
+++ malware-appliances.html 2022-09-21 04:02:50.078787238 +0000
@@ -1329,5 +1329,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/09/14 13:30:29 $
+$Date: 2022/09/20 09:17:34 $
<!-- timestamp end -->
</p>
diff -rNU2 malware-mobiles.html malware-mobiles.html
--- malware-mobiles.html 2022-09-15 04:02:26.107269152 +0000
+++ malware-mobiles.html 2022-09-21 04:02:50.098787233 +0000
@@ -355,4 +355,35 @@
<ul class="blurbs">
+ <li id="M202208240">
+ <!--#set var="DATE" value='<small class="date-tag">2022-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A security researcher found that the iOS in-app browser of TikTok <a
+
href="https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows">
+ injects keylogger-like JavaScript code into outside web pages</a>. This
+ code has the ability to track all users' activities, and to
+ retrieve any personal data that is entered on the pages. We have
+ no way of verifying TikTok's claim that the keylogger-like code
+ only serves purely technical functions. Some of the accessed data
+ could well be saved to the company's servers, and even shared with
+ third parties. This would open the door to extensive surveillance,
+ including by the Chinese government (to which TikTok has indirect
+ ties). There is also a risk that the data would be stolen by crackers,
+ and used to launch malware attacks.</p>
+
+ <p>The iOS in-app browsers of Instagram and Facebook
+ behave essentially the same way as TikTok's. The main
+ difference is that Instagram and Facebook allow users
+ to access third-party sites with their default browser, whereas <a
+
href="https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/">
+ TikTok makes it nearly impossible</a>.</p>
+
+ <p>The researcher didn't study the Android versions of in-app
+ browsers, but we have no reason to assume they are safer than the
+ iOS versions.</p>
+
+ <p><small>Please note that the article wrongly refers
+ to crackers as “hackers.”</small></p>
+ </li>
+
<li id="M201908020">
<!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
@@ -1678,5 +1709,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/09/13 15:39:44 $
+$Date: 2022/09/20 10:25:21 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary.html proprietary.html
--- proprietary.html 2022-09-15 04:02:26.143269131 +0000
+++ proprietary.html 2022-09-21 04:02:50.126787225 +0000
@@ -97,6 +97,6 @@
</div>
-<p>As of August, 2022, the pages in this directory list around 550
-instances of malicious functionalities (with more than 660 references to
+<p>As of September, 2022, the pages in this directory list around 550
+instances of malicious functionalities (with more than 670 references to
back them up), but there are surely thousands more we don't know about.</p>
@@ -198,4 +198,35 @@
<ul class="blurbs">
+ <li id="M202208240">
+ <!--#set var="DATE" value='<small class="date-tag">2022-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A security researcher found that the iOS in-app browser of TikTok <a
+
href="https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows">
+ injects keylogger-like JavaScript code into outside web pages</a>. This
+ code has the ability to track all users' activities, and to
+ retrieve any personal data that is entered on the pages. We have
+ no way of verifying TikTok's claim that the keylogger-like code
+ only serves purely technical functions. Some of the accessed data
+ could well be saved to the company's servers, and even shared with
+ third parties. This would open the door to extensive surveillance,
+ including by the Chinese government (to which TikTok has indirect
+ ties). There is also a risk that the data would be stolen by crackers,
+ and used to launch malware attacks.</p>
+
+ <p>The iOS in-app browsers of Instagram and Facebook
+ behave essentially the same way as TikTok's. The main
+ difference is that Instagram and Facebook allow users
+ to access third-party sites with their default browser, whereas <a
+
href="https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/">
+ TikTok makes it nearly impossible</a>.</p>
+
+ <p>The researcher didn't study the Android versions of in-app
+ browsers, but we have no reason to assume they are safer than the
+ iOS versions.</p>
+
+ <p><small>Please note that the article wrongly refers
+ to crackers as “hackers.”</small></p>
+ </li>
+
<li id="M202208070">
<!--#set var="DATE" value='<small class="date-tag">2022-08</small>'
@@ -255,12 +286,4 @@
yes to almost any snooping.</p>
</li>
-
- <li id="M202006110">
- <!--#set var="DATE" value='<small class="date-tag">2020-06</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>Network location tracking is used, among other techniques, for <a
-
href="https://www.linkedin.com/pulse/location-based-advertising-has-starbucks-coupon-finally-john-craig">
- targeted advertising</a>.</p>
- </li>
</ul>
<p class="button right-align">
@@ -325,5 +348,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/09/14 13:30:29 $
+$Date: 2022/09/20 10:25:21 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary-insecurity.html proprietary-insecurity.html
--- proprietary-insecurity.html 2022-09-15 04:02:26.147269129 +0000
+++ proprietary-insecurity.html 2022-09-21 04:02:50.134787223 +0000
@@ -114,4 +114,35 @@
<ul class="blurbs">
+ <li id="M202208240">
+ <!--#set var="DATE" value='<small class="date-tag">2022-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A security researcher found that the iOS in-app browser of TikTok <a
+
href="https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows">
+ injects keylogger-like JavaScript code into outside web pages</a>. This
+ code has the ability to track all users' activities, and to
+ retrieve any personal data that is entered on the pages. We have
+ no way of verifying TikTok's claim that the keylogger-like code
+ only serves purely technical functions. Some of the accessed data
+ could well be saved to the company's servers, and even shared with
+ third parties. This would open the door to extensive surveillance,
+ including by the Chinese government (to which TikTok has indirect
+ ties). There is also a risk that the data would be stolen by crackers,
+ and used to launch malware attacks.</p>
+
+ <p>The iOS in-app browsers of Instagram and Facebook
+ behave essentially the same way as TikTok's. The main
+ difference is that Instagram and Facebook allow users
+ to access third-party sites with their default browser, whereas <a
+
href="https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/">
+ TikTok makes it nearly impossible</a>.</p>
+
+ <p>The researcher didn't study the Android versions of in-app
+ browsers, but we have no reason to assume they are safer than the
+ iOS versions.</p>
+
+ <p><small>Please note that the article wrongly refers
+ to crackers as “hackers.”</small></p>
+ </li>
+
<li id="M202202090">
<!--#set var="DATE" value='<small class="date-tag">2022-02</small>'
@@ -1287,5 +1318,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/08/22 15:07:27 $
+$Date: 2022/09/20 10:25:21 $
<!-- timestamp end -->
</p>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- all.html malware-appliances.html malware-mobiles.html proprietary...,
Diff Report <=