[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
malware-cars.html proprietary.html proprietary-insecurity.html
From: |
Diff Report |
Subject: |
malware-cars.html proprietary.html proprietary-insecurity.html |
Date: |
Mon, 09 Jan 2023 00:01:17 -0500 |
Modified:
malware-cars.html
proprietary.html
proprietary-insecurity.html
diff -rNU2 malware-cars.html malware-cars.html
--- malware-cars.html 2022-12-14 05:02:28.099273019 +0000
+++ malware-cars.html 2023-01-09 05:01:16.175904284 +0000
@@ -60,4 +60,21 @@
<ul class="blurbs">
+ <li id="M202211301">
+ <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Hackers discovered <a
+ href="https://samcurry.net/web-hackers-vs-the-auto-industry/"> dozens
+ of flaws in the security (in the usual narrow sense) of many brands
+ of automobiles</a>.</p>
+
+ <p>Security in the usual narrow sense means security against unknown
+ third parties. We are more concerned with security in the broader
+ sense—against the manufacturer as well as against unknown
+ third parties. It is clear that each of these vulnerabilities can
+ be exploited by the manufacturer too, and by any government that
+ can threaten the manufacturer enough to compel the manufacturer's
+ cooperation.</p>
+ </li>
+
<li id="M202208220">
<!--#set var="DATE" value='<small class="date-tag">2022-08</small>'
@@ -443,5 +460,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2017-2022 Free Software Foundation, Inc.</p>
+<p>Copyright © 2017-2023 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -453,5 +470,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/08/28 07:17:03 $
+$Date: 2023/01/08 17:55:29 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary.html proprietary.html
--- proprietary.html 2022-12-14 05:02:28.243273153 +0000
+++ proprietary.html 2023-01-09 05:01:16.215904288 +0000
@@ -226,4 +226,21 @@
<ul class="blurbs">
+ <li id="M202211301">
+ <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Hackers discovered <a
+ href="https://samcurry.net/web-hackers-vs-the-auto-industry/"> dozens
+ of flaws in the security (in the usual narrow sense) of many brands
+ of automobiles</a>.</p>
+
+ <p>Security in the usual narrow sense means security against unknown
+ third parties. We are more concerned with security in the broader
+ sense—against the manufacturer as well as against unknown
+ third parties. It is clear that each of these vulnerabilities can
+ be exploited by the manufacturer too, and by any government that
+ can threaten the manufacturer enough to compel the manufacturer's
+ cooperation.</p>
+ </li>
+
<li id="M202211140">
<!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
@@ -282,75 +299,4 @@
backdoor that was remotely used to unlock it.</p>
</li>
-
- <li id="M202209000">
- <!--#set var="DATE" value='<small class="date-tag">2022-09</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p><a hreflang="ja"
- href="https://ja.wikipedia.org/wiki/B-CAS">B-CAS</a> <a
- href="#m1">[1]</a> is the digital restrictions management (DRM) system
- used by Japanese TV broadcasters, including state-run TV. It is sold
- by the B-CAS company, which has a de-facto monopoly on it. Initially
- intended for pay-TV, its use was extended to digital free-to-air
- broadcasting as a means to enforce restrictions on copyrighted
- works. The system encrypts works that permit free redistribution
- just like other works, thus denying users their nominal rights.</p>
-
- <p>On the client side, B-CAS is typically implemented by a card
- that plugs into a compatible receiver, or alternatively by a tuner
- card that plugs into a computer. Beside implementing drastic copying
- and viewing restrictions, this system gives broadcasters full power
- over users, through back doors among other means. For example:</p>
-
- <ul>
- <li>It can force messages to the user's TV screen, and the user
- can't turn them off.</li>
-
- <li>It can collect viewing information and share it with other
- companies to take surveys. Until 2011, user registration was
- required, so the viewing habits of each customer were recorded. We
- don't know whether this personal information was deleted from the
- company's servers after 2011.</li>
-
- <li>Each card has an ID, which enables broadcasters to force
- customer-specific updates via the back door normally used to update
- the decryption key. Thus pay-TV broadcasters can disable decryption
- of the broadcast wave if subscription fees are not paid on time.
- This feature could also be used by any broadcaster (possibly
- instructed by the government) to stop certain persons from watching
- TV.</li>
-
- <li>Since the software in receivers is nonfree, and tuner cards are
- designed for either Windows or MacOS, it is impossible to legally
- watch Japanese TV from the Free World.</li>
-
- <li>As the export of B-CAS cards is illegal, people outside Japan
- can't (officially) decrypt the satellite broadcast signal that may
- spill over to their location. They are thus deprived of a valuable
- source of information about what happens in Japan.</li>
- </ul>
-
- <p>These unacceptable restrictions led to a sort of cat-and-mouse
- game, with some users doing their best to bypass the system, and
- broadcasters trying to stop them without much success: cryptographic
- keys were retrieved through the back door of the B-CAS card, illegal
- cards were made and sold on the black market, as well as a tuner for
- PC that disables the copy control signal.</p>
-
- <p>While B-CAS cards are still in use with older equipment, modern
- high definition TVs have an even nastier version of this DRM (called
- ACAS) in a special chip that is built into the receiver. The chip
- can update its own software from the company's servers, even when
- the receiver is turned off (but still plugged into an outlet). This
- feature could be abused to disable stored TV programs that the power
- in place doesn't agree with, thus interfering with free speech.</p>
-
- <p>Being part of the receiver, the ACAS chip is supposed to be
- tamper-resistant. Time will tell…</p>
-
- <p id="m1"><small>[1] We thank the free software supporter who
- translated this article from Japanese, and shared his experience of
- B-CAS with us. (Unfortunately, the article presents DRM as a good
- thing.)</small></p>
- </li>
</ul>
<p class="button right-align">
@@ -405,5 +351,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2013-2022 Free Software Foundation, Inc.</p>
+<p>Copyright © 2013-2023 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -415,5 +361,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/12/13 15:29:34 $
+$Date: 2023/01/08 17:55:29 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary-insecurity.html proprietary-insecurity.html
--- proprietary-insecurity.html 2022-12-14 05:02:28.251273160 +0000
+++ proprietary-insecurity.html 2023-01-09 05:01:16.219904288 +0000
@@ -114,4 +114,21 @@
<ul class="blurbs">
+ <li id="M202211301">
+ <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Hackers discovered <a
+ href="https://samcurry.net/web-hackers-vs-the-auto-industry/"> dozens
+ of flaws in the security (in the usual narrow sense) of many brands
+ of automobiles</a>.</p>
+
+ <p>Security in the usual narrow sense means security against unknown
+ third parties. We are more concerned with security in the broader
+ sense—against the manufacturer as well as against unknown
+ third parties. It is clear that each of these vulnerabilities can
+ be exploited by the manufacturer too, and by any government that
+ can threaten the manufacturer enough to compel the manufacturer's
+ cooperation.</p>
+ </li>
+
<li id="M202210140">
<!--#set var="DATE" value='<small class="date-tag">2022-10</small>'
@@ -1321,5 +1338,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2013, 2015-2022 Free Software Foundation, Inc.</p>
+<p>Copyright © 2013, 2015-2023 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -1331,5 +1348,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2022/12/05 11:23:10 $
+$Date: 2023/01/08 17:55:29 $
<!-- timestamp end -->
</p>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- malware-cars.html proprietary.html proprietary-insecurity.html,
Diff Report <=